Anthony thank you so very much. I will make these changes. Thank you, Jeff Riley
> On Jun 16, 2016, at 11:17 AM, Anthony <abasta...@gmail.com> wrote: > > For update forms, web2py includes the record ID as a hidden field and > verifies that it matches the original record ID on the server to ensure the > user doesn't try to update a different record. You have not included the > record ID in your form, so this verification fails. > > As noted earlier, please at least use form.custom.end in your custom HTML > forms -- otherwise, you miss out on protection from CSRF and record ID > tampering. Also, do not set session=None, or you will be open to CSRF attacks. > > Anthony > >> On Thursday, June 16, 2016 at 5:57:26 AM UTC-4, Jeff Riley wrote: >> Hey Anthony thank you very much for responding. I am attaching the code I >> use for the create form which is working great and the code for the update >> form which is giving me the grief. Please let me know if there is more >> information you might need and I so appreciate all your hep. >> >>> On Wednesday, June 15, 2016 at 8:52:22 AM UTC-5, Jeff Riley wrote: >>> All. I was going to link this to my "Pure HTML Form" question just not >>> sure how to do that. As you see in that question I was able to get past my >>> copy paste issue and get the create form to work perfectly. Thank you all >>> for the extra eyes. >>> >>> Now I am building the update form and I am getting "user is tampering with >>> form's record_id: None != 1". I have tried removing the _formkey and >>> setting session=None, but that does not seem to work either. Have been >>> searching the docs but nothing is slapping me upside the head. >>> >>> Any ideas? > > -- > Resources: > - http://web2py.com > - http://web2py.com/book (Documentation) > - http://github.com/web2py/web2py (Source code) > - https://code.google.com/p/web2py/issues/list (Report Issues) > --- > You received this message because you are subscribed to a topic in the Google > Groups "web2py-users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/web2py/DoSgieWkuyk/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > web2py+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
