Reputation: 2589
I'm passing a slug in the url like this:
url(r'^fragen/(?P<slug>[-_\w]+)/beantworten/$', qna_answer_add,
name="qna_answer_add"),
Can I use the slug like this:
qna_answer_model.question = Question.objects.get(slug=slug)
Or will it be a security risk, because it comes from the url? Do I need to do a clean up or a regex check or will Django do that automatically?
Upvotes: 0
Views: 52
Reputation: 34593
A safer alternative might be:
from django.shortcuts import get_object_or_404
def your_view(request, slug):
qna_answer_model.question = get_object_or_404(Question, slug=slug)
or if you need exacting control over what is done in the case of no Question for a slug:
from django.shortcuts import get_object_or_404
def your_view(request, slug):
try:
qna_answer_model.question = Question.objects.get(slug=slug)
except Question.DoesNotExist:
# do something else
Upvotes: 1
Reputation: 22697
yes, you can use it, django does it for you.
def your_view(request,slug):
//you can use your slug as you want
qna_answer_model.question = Question.objects.get(slug=slug)
Upvotes: 1