Re: Dynamic user-filtered search

Cool. I'll to some work on this and check back to make sure it's not
insecure.

On Nov 12, 7:27 am, Masklinn <maskl...@masklinn.net> wrote:
> On 2010-11-12, at 13:20 , Ed wrote:
>
>
>
> > It seems simple from a SQL point of view, but I'm wondering what the
> > best implementation would be from to go from a django form to MySQL.
> > The above is an example.  In practice, I would want to dynamically
> > populate the filter criteria/fields. Any suggestions on a starting
> > point?
>
> Create a strict translator (remember that your users can and will try to bypass/exploit whatever you give them, including selects) from whatever your form returns to a dict, which will be sent to .filter as a **kwargs?

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.