security when using MyModel.objects.get(name=some_var) in Django

Posted by pablo on Stack Overflow See other posts from Stack Overflow or by pablo
Published on 2010-03-19T02:42:39Z Indexed on 2010/03/19 2:51 UTC
Read the original article Hit count: 260

Filed under:

django

|

validation

Hi,

Is it safe to query with object.get without escaping or validation user submitted value?

For example:

some_var = request.POST.get('some_key')
obj = MyModel.objects.get(name=some_var)

Can the user submit malicious data?

Thanks

© Stack Overflow or respective owner

Related posts about django

Overriding the save() method of a model that uses django-mptt

as seen on Stack Overflow - Search for 'Stack Overflow'
I've been using django-mptt in my project for a while now, it's fabulous. Recently, I've found a need to override a model's save() method that uses mptt, and I'm getting an error when I try to save a new instance of that model: Exception Type: ValueError at /admin/scrivener/page/add/ Exception Value:… >>> More
Where is meta.local_fields set in django.db.models.base.py ?

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm getting the error: Exception Value: (1110, "Column 'about' specified twice") As I was reviewing the Django error page, I noticed that the customizations the model User, seem to be appended to the List twice. This seems to be happening here in django/db/model/base.py in base_save(): values… >>> More
Deploying Django on EC2 using Bitnami Djangostack: WSGI script cannot be loadded

as seen on Stack Overflow - Search for 'Stack Overflow'
I've been struggling to deploy Django application on Amazon EC2 using Bitnami Djangostack for the last couple of days. When I go to http://dewey.io I see the default bitnami page (/opt/bitnami/apache2/htdocs/index.html), however, when I open http://dewey.io/portnoy, I get 'Internal Server Error'… >>> More
Internal Server Error with mod_wsgi [django] on windows xp

as seen on Stack Overflow - Search for 'Stack Overflow'
when i run development server it works very well, even an empty project runing in mod_wsgi i have no problem but when i want to put my own project i get an Internal Server Error (500) in my apache conf i put WSGIScriptAlias /codevents C:/django/apache/CODEvents.wsgi <Directory "C:/django/apache"> Order… >>> More
Internal Server Error with mod_wgsi [django] on windows xp

as seen on Stack Overflow - Search for 'Stack Overflow'
when i run development server it works very well, even an empty project runing in mod_wsgi i have no problem but when i want to put my own project i get an Internal Server Error (500) in my apache conf i put WSGIScriptAlias /codevents C:/django/apache/CODEvents.wsgi <Directory "C:/django/apache"> Order… >>> More

Related posts about validation

How can I use Windows Workflow for validation of a Silverlight application?

as seen on Programmers - Search for 'Programmers'
I want to use Windows Workflow to provide a validation service. The validation that will be provided may have multiple tiers with chaining and redirecting to other stages of validation. The application that will generate the data for validation is a Silverlight app. I imagine the validation will… >>> More
HTML5 Form Validation

as seen on Stephen Walter - Search for 'Stephen Walter'
The latest versions of Google Chrome (16+), Mozilla Firefox (8+), and Internet Explorer (10+) all support HTML5 client-side validation. It is time to take HTML5 validation seriously. The purpose of the blog post is to describe how you can take advantage of HTML5 client-side validation regardless of… >>> More
HTML5 Form Validation

as seen on Stephen Walter - Search for 'Stephen Walter'
The latest versions of Google Chrome (16+), Mozilla Firefox (8+), and Internet Explorer (10+) all support HTML5 client-side validation. It is time to take HTML5 validation seriously. The purpose of the blog post is to describe how you can take advantage of HTML5 client-side validation regardless of… >>> More
Introducing Data Annotations Extensions

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Validation of user input is integral to building a modern web application, and ASP.NET MVC offers us a way to enforce business rules on both the client and server using Model Validation. The recent release of ASP.NET MVC 3 has improved these offerings on the client side by introducing an unobtrusive… >>> More
jQuery validation per multiple fieldsets, how to use different event to trigger validation per secti

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi All! I have a really, really long form (about 300 fields) that I broke down into different sections using this slick jQuery plugin Form Wizard. If you group your form into different fieldsets, the FormWizard will automagically display one section at a time, with a Next hyperlink to take you to… >>> More