With regards to validation, considering the scope of the app I'm working on, I will be using @auth.requires_login() to control and restrict who does what, but thanks for bringing up digitally signed URL, I will be looking extensively into that, it's an interesting topic.

I have changed my code, I have been specific with my ID:

    if db(db.invoice.id == request.args(0, cast=int)).delete():
        redirect(URL('registeredClients'))

It does the deleting, but the thing is it deletes the items that appear in my invoice one at a time. If I have 10 items I have to keep clicking the delete link 10 times until the invoice is no more, but it would be great if I could erase all the 10 items by clicking once, more like if I were using this:

    if db(db.invoice.id > 0).delete():
        redirect(URL('registeredClients'))

but specific to only one invoice for the selected client and not erasing everything in the database.

On Tuesday, January 8, 2019 at 12:05:15 AM UTC+2, Anthony wrote:
>
> On Monday, January 7, 2019 at 2:06:43 AM UTC-5, mostwanted wrote:
>>
>> My delete function is not working, I think I am doing something
>> wrong but I'm not sure where, I thought the code below would get me home
>> but nothing is happening, nothing is getting deleted! Please advise:
>>
>> *DELETE FUNCTION CONTROLLER CODE:*
>> def deleteInvoice():
>>     query=db.invoice(request.args(0, cast=int))
>>     remove=db(db.invoice.customer==query.id).delete()
>>
>
> Again, the first line serves no purpose, as it is simply used to retrieve
> the ID that you already have. Just do:
>
>     if db(db.invoice.customer == request.args(0, cast=int)).delete():
>         redirect(URL('registeredClients'))
>
> If that's not working, presumably request.args(0) is not the value of any
> "customer" in the db.invoice table, so your bug lies in the code that
> produces the URL that leads here.
>
> Also, it doesn't look like your code does any validation to determine if
> the user is allowed to delete all of these customer invoices. You should
> probably confirm that the customer ID submitted is the customer ID of the
> current user (you could use a digitally signed URL, a session variable, or
> do a lookup).
>
> Anthony
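
An added example, not part of the thread and not web2py code: a framework-independent sketch of the two points discussed above, deleting every invoice row of one customer in a single request while checking both a signed link and ownership. The `customer.owner` column, the key handling and all function names are assumptions made for the illustration; the HMAC stands in for the idea of a digitally signed URL and is not web2py's implementation.

```python
import hashlib
import hmac
import sqlite3

# Constructed schema: only invoice.customer appears in the thread; customer.owner is hypothetical.
SCHEMA = """
CREATE TABLE customer (id INTEGER PRIMARY KEY, owner INTEGER NOT NULL);
CREATE TABLE invoice  (id INTEGER PRIMARY KEY, customer INTEGER NOT NULL, item TEXT);
"""

def sign_delete_link(key: bytes, user_id: int, customer_id: int) -> str:
    """HMAC over action + user + customer, so a link cannot be reused for another customer or user."""
    msg = f"deleteInvoice|{user_id}|{customer_id}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def delete_customer_invoices(conn, key, user_id, customer_id, signature):
    """Delete all invoice rows of one customer at once.
    Returns the number of rows deleted; raises PermissionError if a check fails."""
    customer_id = int(customer_id)  # same role as request.args(0, cast=int)
    expected = sign_delete_link(key, user_id, customer_id)
    if not hmac.compare_digest(expected.encode(), str(signature).encode()):
        raise PermissionError("bad or missing signature")
    # Lookup: the customer must belong to the logged-in user.
    row = conn.execute("SELECT owner FROM customer WHERE id = ?", (customer_id,)).fetchone()
    if row is None or row[0] != user_id:
        raise PermissionError("customer does not belong to this user")
    # Filter on invoice.customer, not invoice.id, so all items go in one statement.
    with conn:
        cur = conn.execute("DELETE FROM invoice WHERE customer = ?", (customer_id,))
    return cur.rowcount

def demo_db():
    """Constructed sample data: user 1 owns customer 10 (3 items), user 2 owns customer 20 (2 items)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO customer VALUES (?, ?)", [(10, 1), (20, 2)])
    conn.executemany("INSERT INTO invoice (customer, item) VALUES (?, ?)",
                     [(10, "a"), (10, "b"), (10, "c"), (20, "x"), (20, "y")])
    conn.commit()
    return conn
```

A login check alone would let any logged-in user submit another customer's ID; the ownership lookup is what ties the delete to the current user.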