|
maker joe
makerjoe at gmail.com
Fri Jun 22 03:10:28 EDT 2007
right it was my mistake composing the message, instead of deleting the plus sign i deleted the mod sign. sorry On 6/22/07, Graham Dumpleton <graham.dumpleton at gmail.com> wrote: > On 22/06/07, maker joe <makerjoe at gmail.com> wrote: > > hi graham > > > > there is a mistake on > > locals()["_%s"+%k] = req.form[k] > > > > should be > > locals()["_%s"+k] = req.form[k] > > Actually, it should have been: > > locals()["_%s"%k] = req.form[k] > > as was trying to use mod operator on the string in preference to > addition of string so that auto conversion of string would happen. > > Did this as for some reason, maybe old versions of mod_python, I have > see a None key come through. If this did occur the addition of strings > would fail as adding string with None, where as mod operator would > have converted None object to None value in string and not died. Yes > it could wipe out other field if one was called None, so by rights if > this is still an issue should use: > > if k: > locals()["_%s"%k] = req.form[k] > > Graham > > > kind regards > > joseluis > > > > On 6/21/07, Graham Dumpleton <graham.dumpleton at gmail.com> wrote: > > > On 22/06/07, maker joe <makerjoe at gmail.com> wrote: > > > > sure you convinced me > > > > > > > > but why not ? > > > > for k in req.form: > > > > exec ("_"+k+"="+"req.form[k]") > > > > print k,_test > > > > > > Using a prefix is one way of avoiding the problem, but don't use exec > > > as there is no need to. Use: > > > > > > locals()["_%s"+%k] = req.form[k] > > > > > > Graham > > > > > > > On 6/21/07, Graham Dumpleton <graham.dumpleton at gmail.com> wrote: > > > > > On 22/06/07, Graham Dumpleton <graham.dumpleton at gmail.com> wrote: > > > > > > > and > > > > > > > req.form['varx'] by _varx > > > > > > > > > > > > Don't recommend pushing form fields in local name space as doesn't > > > > > > make it as obvious that it is a form field and there would be a > > > > > > tendency not to perform checks to make sure the field you are looking > > > > > > for actually exists. Also, it will all possibly blow up if someone > > > > > > supplied a field you weren't expecting which replaced some important > > > > > > data or clashed with a keyword. > > > > > > > > > > > > If you really must do something like that though, you might adapt the > > > > > > following code from mod_python.util.apply_fs_data(). Replace 'fs' with > > > > > > req.form and replace args with locals(). > > > > > > > > > > > > # add form data to args > > > > > > for field in fs.list: > > > > > > if field.filename: > > > > > > val = field > > > > > > else: > > > > > > val = field.value > > > > > > args.setdefault(field.name, []).append(val) > > > > > > > > > > > > # replace lists with single values > > > > > > for arg in args: > > > > > > if ((type(args[arg]) is ListType) and > > > > > > (len(args[arg]) == 1)): > > > > > > args[arg] = args[arg][0] > > > > > > > > > > BTW, if using publisher, a quicker way of doing this would be: > > > > > > > > > > def func(req, arg1, args, **args): > > > > > locals().update(args) > > > > > ... > > > > > > > > > > As I said though, this is dangerous as someone outside your web site > > > > > can directly modify data your function uses to execute or cause your > > > > > handler to crash in bad ways. > > > > > > > > > > For example, with publisher function: > > > > > > > > > > def index(req, **args): > > > > > locals().update(args) > > > > > req.content_type = 'text/plain' > > > > > return 'mod_python.publisher', req.filename > > > > > > > > > > If URL of: > > > > > > > > > > http://localhost:8002/~grahamd/publisher/index.py?req=xxx > > > > > > > > > > is used, I get an error saying: > > > > > > > > > > AttributeError: 'mp_request' object has no attribute 'append' > > > > > > > > > > This is because I was able to replace the request object argument with > > > > > another value. > > > > > > > > > > Same problem will occur if using the longer example I showed before. > > > > > > > > > > Hopefully you will now be convinced this is a bad bad idea. > > > > > > > > > > Graham > > > > > > > > > > > > > > >
|