Opened 6 years ago
Last modified 6 years ago
#31209 closed Cleanup/optimization
Logic flaw in the tutorial — at Initial Version
| Reported by: | Saitama996 | Owned by: | nobody |
|---|---|---|---|
| Component: | Documentation | Version: | 3.0 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
The flaw is in https://docs.djangoproject.com/en/3.0/intro/tutorial04/, in the section "Writing a form":
polls/templates/polls/detail.html
```html
<h1>{{ question.question_text }}</h1>
{% if error_message %}<p><strong>{{ error_message }}</strong></p>{% endif %}
<form action="{% url 'polls:vote' question.id %}" method="post">
{% csrf_token %}
{% for choice in question.choice_set.all %}
    <input type="radio" name="choice" id="choice{{ forloop.counter }}" value="{{ choice.id }}"> <!-- This should be value={{choice.pk}} -->
    <label for="choice{{ forloop.counter }}">{{ choice.choice_text }}</label><br>
{% endfor %}
<input type="submit" value="Vote">
</form>
```
As you can see, the value is passed as the choice id; however, when it comes to the function,
```python
def vote(request, question_id):
    question = get_object_or_404(Question, pk=question_id)
    try:
        selected_choice = question.choice_set.get(pk=request.POST['choice'])
    # (excerpt ends here; the except clause is not quoted in the report)
```
Here the selected_choice is picked based on the primary key, which is fine in this case, but in case there is a conflict between the id and pk, this won't work.