We recently discussed this here:
https://groups.google.com/forum/?fromgroups#!topic/web2py/Ez_pxGFCsVE

The book implies passing a string as a query will work:
http://web2py.com/books/default/chapter/29/7#Links-to-referencing-records
(see the list_records function).

However, appadmin doesn't try to use the string as a query -- it execs the
string to make it a query:
http://code.google.com/p/web2py/source/browse/applications/welcome/controllers/appadmin.py#90

I suppose it could be a security risk if the string is coming from an 
untrusted source.

Anthony

On Tuesday, January 24, 2012 10:15:24 PM UTC-5, Massimo Di Pierro wrote:
>
> Can you check trunk? I have fixed that one line but not sure if this 
> should be supported and what the consequences are. 
>
> On Jan 24, 8:40 pm, pbreit <pbreit...@gmail.com> wrote: 
> > I'm getting an error when using a string as a query instead of an actual 
> > DAL-style query object. This used to work. My guess is that it broke around 
> > the time of this changeset which implemented "ignore_common_filters": 
> > ee791c9a6b9c <http://code.google.com/p/web2py/source/detail?path=/gluon/dal.py&r=ee...> 
> > 
> >   File "/Users/pbreit/web2py/gluon/dal.py", line 1194, in _select 
> >     if query and not query.ignore_common_filters: 
> > AttributeError: 'str' object has no attribute 'ignore_common_filters' 
> > 
> > query: "grouping!='test' AND status='active' AND title LIKE '%newer%'" 
> > query.ignore_common_filters: undefined 
> > 
> > My code looks something like this: 
> > 
> > query = "status='active'" 
> > 
> > rows = db(query).select(db.item.ALL) 
> > 
> > I'm using a string as a query in order to do a Postgres full text search.
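
An added example, not part of the original thread and not web2py's code: one way to vet a string before it is evaluated into a query object, which addresses the untrusted-source concern raised at the top of this message. It assumes the string is a Python expression over a `db` handle, such as `db.item.status == 'active'`; the function names and `SAMPLE_DB` are hypothetical.

```python
import ast
from types import SimpleNamespace

# Node types permitted in a DAL-style filter expression such as
# "(db.item.status == 'active') & (db.item.title != 'test')".
ALLOWED = (
    ast.Expression, ast.BinOp, ast.BitAnd, ast.BitOr,
    ast.UnaryOp, ast.Invert, ast.USub,
    ast.Compare, ast.Eq, ast.NotEq, ast.Lt, ast.LtE, ast.Gt, ast.GtE,
    ast.Attribute, ast.Name, ast.Load, ast.Constant,
)

def is_safe_query_expr(text, root="db"):
    """Return True only if text is a plain comparison expression on `root`."""
    try:
        tree = ast.parse(text, mode="eval")   # eval mode: one expression only
    except (SyntaxError, ValueError):
        return False
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED):
            return False      # calls, subscripts, lambdas, comprehensions, ...
        if isinstance(node, ast.Name) and node.id != root:
            return False      # only the database handle may be named
        if isinstance(node, ast.Attribute) and node.attr.startswith("_"):
            return False      # no walking into private or dunder attributes
    return True

def build_query(text, db):
    """Evaluate text into a query object only after it passes the allowlist."""
    if not is_safe_query_expr(text):
        raise ValueError("rejected query expression: %r" % text)
    return eval(text, {"__builtins__": {}}, {"db": db})

# Constructed stand-in for a database handle (assumption, not a real DAL):
# plain attributes, so comparisons evaluate to ordinary booleans.
SAMPLE_DB = SimpleNamespace(item=SimpleNamespace(status="active", title="newer"))

if __name__ == "__main__":
    for s in ["(db.item.status == 'active') & (db.item.title != 'test')",
              "__import__('os').getcwd()",   # function call
              "db.__class__",                # dunder attribute
              "status='active'"]:            # raw SQL fragment, not an expression
        print("%-60s %s" % (s, is_safe_query_expr(s)))
```

The raw SQL fragment from the quoted report is rejected as well, because it is not a Python expression; strings like that need a separate code path that never reaches `exec` or `eval`.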
