Notes on keyed tables and forms (avoid "user is tampering with form" errors)

[DenesL]

Hello w2p users,

there have been some reports about "user is tampering with form" errors while working with keyed tables.

When working with forms (FORM, SQLFORM, etc.) the primarykey field or fields *MUST* be part of the request in order to avoid the error message.
This means that you can either:

1) Have the primarykey fields in the request.vars

2) Add them via form hidden fields (special care should be exercised with custom forms).
Note that
  db.table.primarykeyfield.writable = False
falls under this case, since the primary key field will not be in the form.

Hope this helps,
Denes