On 29 mar, 09:12, Thierry Chich <[email protected]> wrote: > Le lundi 29 mars 2010 02:14:34, [email protected] a écrit :> > OK. I can > also put an hidden field in my form. I will evaluate what is > > > the better option for me. > > > Bear in mind if you exclude it from your form altogether there is > > nothing to stop a malicious user setting it by modifying the post > > data. > > > Peter > > You would say : if i use an hidden form. If I exclude the field from my > ModelFrom, a corrupted POST can not have an effect. I just have to set the > field > value in the model, and it is done, isn't it ?
Yeps, right. To summarize : if you don't want the user being able to set a field from a modelForm, then exclude it from the modelForm and set it on the instance. Using a hidden field will "kind of" work - if you don't care about security, that is !-) -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
