multiple parameters in if statement
John Zenger
john_zenger at yahoo.com
Sun Apr 16 15:13:09 EDT 2006
Yup, join is better. The problem with using form.values() is that it
will break if the HTML changes and adds some sort of new field that this
function does not care about, or if an attacker introduces bogus fields
into his query.
John Machin wrote:
> On 16/04/2006 1:43 PM, John Zenger wrote:
>
>>
>> The other thing I'd recommend is stick that long list of fields in a
>> list, and then do operations on that list:
>>
>> fields = ['delete_id', 'delete_date', 'delete_purchasetype',
>> 'delete_price', 'delete_comment']
>>
>> then to see if all those fields are empty:
>>
>> everything = ""
>> for field in fields:
>> everything += form.get(field,"")
>
>
> Or everything = "".join(form.get(field, "") for field in fields)
>
> Somewhat labour-intensive. It appears from the OP's description that no
> other entries can exist in the dictionary. If this is so, then:
>
> everything = "".join(form.values())
>
> but what the user sees on screen isn't necessarily what you get, so:
>
> everything = "".join(form.values()).strip()
>
>> if everything == "":
>> print "Absolutely nothing entered!"
>>
More information about the Python-list
mailing list