multiple parameters in if statement
John Machin
sjmachin at lexicon.net
Sun Apr 16 18:05:21 EDT 2006
On 17/04/2006 5:13 AM, John Zenger top-posted:
> Yup, join is better. The problem with using form.values() is that it
> will break if the HTML changes and adds some sort of new field that this
> function does not care about, or if an attacker introduces bogus fields
> into his query.
If one is worried about extra keys introduced by error or malice, then
one should check for that FIRST, and take appropriate action. Code which
is concerned with the values attached to the known/valid keys can then
avoid complications caused by worrying about extra keys.
>
> John Machin wrote:
>> On 16/04/2006 1:43 PM, John Zenger wrote:
>>
>>>
>>> The other thing I'd recommend is stick that long list of fields in a
>>> list, and then do operations on that list:
>>>
>>> fields = ['delete_id', 'delete_date', 'delete_purchasetype',
>>> 'delete_price', 'delete_comment']
>>>
>>> then to see if all those fields are empty:
>>>
>>> everything = ""
>>> for field in fields:
>>>     everything += form.get(field,"")
>>
>>
>> Or everything = "".join(form.get(field, "") for field in fields)
>>
>> Somewhat labour-intensive. It appears from the OP's description that
>> no other entries can exist in the dictionary. If this is so, then:
>>
>> everything = "".join(form.values())
>>
>> but what the user sees on screen isn't necessarily what you get, so:
>>
>> everything = "".join(form.values()).strip()
>>
>>> if everything == "":
>>>     print "Absolutely nothing entered!"
>>>
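
An added example, not part of the original thread and written in Python 3 rather than the thread's Python 2: the check-for-extra-keys-first approach from the reply above, applied to the field list in the quoted post. The names parse_form, nothing_entered and BadSubmission, the sample query strings, and the decision to also reject repeated fields are assumptions made for illustration.

```python
from urllib.parse import parse_qs

# Field names taken from the quoted post.
EXPECTED_FIELDS = frozenset([
    "delete_id", "delete_date", "delete_purchasetype",
    "delete_price", "delete_comment",
])


class BadSubmission(ValueError):
    """Raised when a submission does not match the shape of the form."""


def parse_form(query_string, expected=EXPECTED_FIELDS):
    """Return {field: value} for the known fields, rejecting anything else first."""
    raw = parse_qs(query_string, keep_blank_values=True)

    # Step 1: look at the key set before touching any value.
    extra = sorted(set(raw) - expected)
    if extra:
        raise BadSubmission("unexpected fields: " + ", ".join(extra))

    # Step 2 (assumption): each field appears at most once in a real submission.
    repeated = sorted(k for k, v in raw.items() if len(v) > 1)
    if repeated:
        raise BadSubmission("repeated fields: " + ", ".join(repeated))

    # Only known keys remain; fields that were not sent default to "".
    return {name: raw.get(name, [""])[0] for name in expected}


def nothing_entered(form):
    """True when every known field is empty or whitespace only."""
    return "".join(form.values()).strip() == ""


if __name__ == "__main__":
    # Constructed sample submissions.
    samples = [
        "delete_id=&delete_date=+&delete_comment=",
        "delete_id=17&delete_price=9.99",
        "delete_id=&bogus=1",
    ]
    for qs in samples:
        try:
            state = "empty" if nothing_entered(parse_form(qs)) else "has data"
        except BadSubmission as exc:
            state = "rejected: %s" % exc
        print(qs, "->", state)
```

Because the key check runs first, nothing_entered can safely use form.values() without the breakage described in the quoted objection.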