
Python Django : Handling Html Forms


Forms are an important component in web programming. They are used to create a resource on the server when the form is submitted. A form can request different types of data from the user, which can be passed to the server and used later.

In this article, we create an HTML form that requests some data from the user; after the form is submitted, the data is saved in a database for later use.

First, create a basic form template that asks the user for some information. In this example we stick with basic details like name and age, but you can add more (you should know basic HTML).



Now look at the code below to see how to handle this form.




There are lots of details in the above image. Let's cover them one by one.

In index.html, we create a form that has labels, input fields, and a submit button. Two things are new in this form: the action attribute and {% csrf_token %}.
The action attribute of a form is like href in an anchor tag: it contains the path/URL that is requested when the form is submitted.


Next is {% csrf_token %}, which is essential for Cross-Site Request Forgery (CSRF) protection. Django provides many security features out of the box, and csrf_token is one of them.


{% csrf_token %} is compulsory whenever you submit the form via the POST method. As an exercise, change the method to GET, omit {% csrf_token %}, and submit the form. It works, but look at the URL bar; it looks like this.



The URL contains the data the user submitted via the form, and URLs are kept in browser history and server logs. If the details are private, like a password or user ID, you should always use the POST method instead of GET. To use the POST method you need to include {% csrf_token %} in your form.

In the view, we return just an HttpResponse instead of an HTML page.

Now save the data that the user sends via the form to the database, and render a page with all user data.




In the above image, we create a model, Myuser, with name and age fields. In the temp function of views.py we make some edits: first we check the request method and, if it is not POST, return an error message (if someone goes to the /formSubmit path by typing it in the browser URL bar, that is a GET request and the form won't be submitted).

All the data the user submits is stored in the request.POST dictionary, keyed by the name attribute of each input field of the HTML form.
After extracting name and age from the form, we can print them, store them in the database using the Myuser model we created, and return a success HttpResponse.

Now there is one more view, userlist, which extracts all users from the database and passes them to list.html via the context dictionary. In urlpatterns we add a path for this view, named userlist.

So here is our list.html; using the template language we can iterate over userlist and print every element.



If you want, you can add a link on this page that goes to the form page to add a new user; you should now be able to do this.
