There are two subfolders: private and uploads.

You should not mess with uploads. Let SQLFORM put stuff there and
download retrieve it. You can manually do it but ONLY if you use

    db.table.insert(fieldname=db.table.fieldname.store(stream,'filename'))

This is a very special folder because there are a lot of security
implications in having users upload data (directory traversal
attacks) and download data (authorizations). Let web2py deal with it
by the book. It is complicated. There is a lot of code in web2py just
to deal with this.

Files that are public should go in static/.

Everything else should go in private but now you are on your own. You
decide file naming conventions but you are also responsible for
security holes.

Massimo

On Jan 7, 4:36 pm, weheh <richard_gor...@verizon.net> wrote:
> How about with an <input type='textarea' name='xyz' /> which I then
> write to a file abc under uploads/folder1/folder2 and want to insert
> into the db.doc.filename, which is of type 'upload'?
>
> On Jan 7, 8:54 am, mdipierro <mdipie...@cs.depaul.edu> wrote:
>
> > If you have an <input type="file" name="xyz"/> represented as a
> > FieldStorage in request.vars.xyz you can do
>
> > db.doc.insert(filename=db.doc.filename.store(request.vars.xyz.file,request.vars.xyz.filename))
>
> > On Jan 7, 1:37 am, weheh <richard_gor...@verizon.net> wrote:
>
> > > # model
> > > db.define_table('doc',
> > >   Field('title','string'),
> > >   Field('filename','upload')
> > > )
>
> > > #controller
> > > text_form=SQLFORM.factory(Field('text_in','text',db.doc))
> > > file_form=SQLFORM.factory(db.doc)
> > > ...
> > > if text_form.accepts(request.vars,formname='text_form'):
> > >   #insert data into the doc table
> > >  ...
> > > if file_form.accepts(request.vars,formname='file_form'):
> > >   # etc
>
> > > The view has custom forms for both text_form and file_form.
>
> > > The question is ... how to properly insert data into the doc table in
> > > the case of the text_form? text_form.vars.text_in has the results of
> > > textarea form field. These data are easily stored in an uploads/
> > > file.txt file. The question is how to make the db.doc.filename field
> > > point to the uploads/file.txt file such that it will be consistent
> > > with a true file upload vs. a text field upload? Just inserting the
> > > name of the uploads/file.txt into the db.doc.filename field isn't the
> > > right way. (Hope this is clear enough.)
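
An added example, not part of the original thread and not web2py's code: it shows why a destination path built from a client-supplied filename can leave the upload folder, next to a store routine that generates the stored name on the server. The helper names `naive_path`, `is_inside` and `safe_store` and the sample filenames are assumptions made for illustration.

```python
import io
import os
import re
import secrets
import tempfile

# Hypothetical helpers for illustration; this is not web2py's Field.store().

def naive_path(upload_dir, client_name):
    """Risky pattern: build the destination from the client-supplied name."""
    return os.path.normpath(os.path.join(upload_dir, client_name))

def is_inside(upload_dir, path):
    """True if path resolves to a location under upload_dir."""
    root = os.path.realpath(upload_dir)
    return os.path.commonpath([root, os.path.realpath(path)]) == root

def safe_store(upload_dir, stream, client_name):
    """Write stream under a server-generated name and return that name."""
    # Only the extension of the last path component is kept, and only if it
    # is short and alphanumeric; everything else the client sent is dropped.
    base = re.split(r"[\\/]", client_name)[-1]
    ext = os.path.splitext(base)[1].lower()
    if not re.fullmatch(r"\.[a-z0-9]{1,8}", ext):
        ext = ".bin"
    stored = secrets.token_hex(16) + ext
    target = os.path.join(upload_dir, stored)
    if not is_inside(upload_dir, target):
        raise ValueError("destination escapes the upload directory")
    with open(target, "xb") as out:  # "x": never overwrite an existing file
        out.write(stream.read())
    return stored

def demo():
    """Return (client_name, naive_stays_inside, stored_name) per constructed input."""
    names = ["notes.txt", "../private/settings.py", "/etc/passwd"]  # constructed
    rows = []
    with tempfile.TemporaryDirectory() as root:
        uploads = os.path.join(root, "uploads")
        os.mkdir(uploads)
        for name in names:
            inside = is_inside(uploads, naive_path(uploads, name))
            stored = safe_store(uploads, io.BytesIO(b"sample"), name)
            rows.append((name, inside, stored))
    return rows

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The stored name is what would go into the database column; the original filename, if it is needed for display, is kept as data rather than used as a path.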