I have a django project and the forms are constructed in HTML rather than as a django object. I retrieve the values via a post class function in the view. Because I'm not constructing forms through django, do I need to sanitize the form data? If I need to sanitize the data, what django method can I use?
Thanks for your help!
There's no reason why you can't construct a Form class that respects the parameters of the HTML form. There's not really any magic to it. Django offers tools to generate the HTML pragmatically, but you don't have to use it.
You can leverage all the power of Django's form validation--just make sure the Form class fields align with the field names in your HTML and bind it to the POST data. If your Form's parameters change, you'll have to update the markup.
Related
Question: Is there a way to inject form field validation on the ModelForm instead of the Model?
Justification: I have three ModelForm's that update the same Model instance, which have default conditions for blank. I should have designed three different Models for each form, but I'm to far in to make a change.
Please assist!
Thanks,
Neel
ModelForm is a kind of Form (as it inherits from BaseForm), so you can use Form field validation methods to do it because clean() method is inheried from BaseForm. So for field named foo you use clean_foo() method to do cleanup
leotrubach's answer is the way to go, I just want to add that the django documentation on the subject is a good read.
Given a FormView associated to a Form, once the form is submitted some fields are sent to the FormView (those the user has filled).
Question: How can I send to the FormView other fields even if the user didn't fill them (because the fields were already prepopulated)? I need more data than the user provides in order to be used in form_valid
If the data is not sensitive you might want to add them to your form as hidden fields. In django you can achieve this with a FormWidget. There are a few related questions here on SO:
Change a django form field to a hidden field
Django ModelForm to have a hidden input
Be aware that this just hides your data in the user interface, not in the browser - if you are in trouble if someone will change this data in an evil matter, you might consider writing the data in the session.
I have a (quite complex) HTML form full of logic that triggers based on different choices in the selectpickers with fields that don't have quite the same names as the corresponding fields in the Django model, and sometimes I fear that I will need to add some logic when it comes to going from the data sent from the HTML form and to the Django model. I realise that I can probably not use a ModelForm in Django to handle this and have been looking for some examples of using the standard django.forms.Form to map the HTML form into my model but I haven't really found much. Can someone give me some hints?
It sounds as though your html form already exists and somehow you want to read in the POST data from that form. Without making any further assumptions as to how you ended up with an html form without a django ModelForm or forms.Form output via a view - as long as the form action location is mapped via a route to a view - the view can then process the request.POST data. Again all form validation goodness of django is out the door if you did not use django forms (model or forms based) and you have to do your own validations in the view then. Once the form data has been validated, initialize your model object like this: my_obj = ModelName(field_name1=form_input_data1, field_name2=form_input_data2, ...) and that's it. Then you can do my_obj.save().
Now let's say, it's not so bad. You actually are using the forms.Form inheritance to create your django-istic form class which has no direct relationship with the model. Now you can use the form related validation clean_field and clean steps etc... as well as all the built-in field types internal validation django automatically does. Then when you read in the POST data - do whatever it takes to map the form fields (via any transformation as necessary) to the django model object you are trying to construct, keeping in mind the default values and any model save custom assignments that may happen.
You can not just map a html form into your django model. You need to create a model form first and then render it in html.
If you want to somehow map your html form to model. First render your ModelForm in html. Create the exact copy of the html format of your django form and use it in html. Catch that in your view and process it like model form. But anyway you have to create the ModelForm.
I am using materializecss to give my django site some material elements. I have put together a form (the 'old' way using html) but now realised I need to use a django form instead. The problem is, these forms don't play well with materialises built in column system (they use classes to determine rows and column spacing). Here is an example of the layout I set up so far. However when defining the form through form.py, it spits out one input per layer.
My question is: what can I do to either a) get django to work with the html-defined form or b) make a 'form template' to give the input fields the appropriate classes?
If you want to see the code I can post some but I'm quite a new coder so it's messy.
Thanks!
There are three ways I can think of off the top of my head.
If you want full control over the HTML form, in a Django template or HTML form, simply map the names of your fields to match the underlying field names in the Django form. This way, when POSTed back to your view, Django will automatically link up the POSTed fields with the Django form fields.
For example, if you have a field username in your Django form (or Django model if using ModelForm), you could have an element <input type="text" name="username" maxlength="40"> (that you can style any way you need) on your HTML form that Django will happily parse into your Django form field, assuming your view is plumbed correctly. There is an example of this method in the Django documentation.
Another way is to customize the Django form field widgets in your Django form definition. The Django documentation talks a little bit about how to do this. This is great for one offs, but is probably not the best approach if you expect to reuse widgets.
The final approach would be to subclass Django form field widgets to automatically provide whatever attributes you need. For example, we use Bootstrap and have subclassed nearly all of the widgets we use to take advantage of Bootstrap classes.
class BootstrapTextInput(forms.TextInput):
def __init__(self, attrs=None):
final_attrs = {'class': 'form-control'}
if attrs is not None:
final_attrs.update(attrs)
super().__init__(attrs=final_attrs)
Then it's simply a matter of letting the Django form know which widget to use for your form field.
class UsernameForm(forms.ModelForm):
class Meta:
model = auth.get_user_model()
fields = ['username']
widgets = {'username': BootstrapTextInput()}
Hope this helps. Cheers!
i have a question concerning the form api in django. I've created a regular form class but don't want to rewrite a html select field with hundreds of options into the form class. instead I want to put it directly into the template.
How do i integrate the information of the request (eg. request.POST.get('Country')) from the select field into my regular validation process and make it accessible as one validated set of data like form.cleaned_data ?
Hope i could make myself clear...
Thanks a lot