It's probably lame, but I'm attempting to port NerdDinner to web2py
(http://nerddinnerbook.s3.amazonaws.com/Part11.htm), in this section
they have some javascript code that says this:
//... do a bunch of stuff to get lat/lon from user entered address ...
//If we've found exactly one place, that's our address.
if (points.length === 1) {
$("#Dinners_Latitude").val(points[0].Latitude);
$("#Dinners_Longitude").val(points[0].Longitude);
}
Which queries bing map service for lat/lon of a user entered address.
The JS snippet places the result from the query in 2 hidden input
boxes and their controller stores them in the DB.
If I set readable/writable to False, they won't display when the page
is rendered... thus the JS will have no place to put the results.
Ideally, I'd have the controller do the work of figuring out the lat/
lon, but I'm just doing a port and got suck at this point here.
Am I making sense?
Thanks,
Rob
On Aug 9, 3:07 pm, mdipierro <mdipie...@cs.depaul.edu> wrote:
> You can make something like this work you should not. It is a security
> vulnerability to have a editable hidden field because it does not
> prevent the client from editing. In web2py you should never need
> something like this. Just make the field invisible:
>
> db.Dinners.Latitude.readable=False
> db.Dinners.Latitude.writable=False
>
> On Aug 9, 3:12 pm, Rob <r...@rmdashr.com> wrote:
>
> > after
> > reading:https://groups.google.com/group/web2py/browse_frm/thread/bd7b06b759c9...
>
> > It looks like what I can do is this:
> > db.Dinners.Latitude.widget=lambda
> > field,value:SQLFORM.widgets.StringWidget.widget(field,value,_type="hidden")
>
> > Will this work? I'll test when I get home tonight.
>
> > On Aug 7, 10:21 pm, Rob <r...@rmdashr.com> wrote:
>
> > > I have a model that has a 'Address', 'Lat' and "Lon' field. When the
> > > user enters an address, some javascript currently populates the 'Lat'
> > > and 'Lon' fields and they get inserted into the DB via crud.create()
> > > or crud.update().
>
> > > How do I hide these fields from the user, but allow the JS to insert
> > > the correct values? Idealy, I would like to turn these fields from
> > > input fields to hidden fields.
>
> > > Possible?
>
> > > just for reference:
> > > model:
> > > db.define_table('Dinners',
> > > Field('Address', requires=IS_NOT_EMPTY()),
> > > Field('Latitude', 'double'), # <== I want this to be a hidden
> > > field
> > > Field('Longitude', 'double')) # <== I want this to be a hidden
> > > field
>
> > > controller:
> > > def Create():
> > > crud.settings.formstyle='table2cols'
> > > form = crud.create(db.Dinners)
> > > return dict(form=form)
>
> > > view:
> > > {{=form}}
>
> > > Thanks!
>
>
