1

I wrote a small authentication application where I used manual template rendering. I can fetch and update data from forms, but I just want to validate the fields. But I can't move forward as I didn't use any Django form models. Client-side validation is going on, but what about server-side validation?

I'm using Python v3 and Django v2. I didn't use a forms model and nothing inherits from forms.py. So how can I validate? My template file for signup:

        <form action="{% url 'register' %}" method="post">
            {% csrf_token %}
            {% for message in messages %}
            <div class="alert {% if message.tags %} alert-{{ message.tags }}{% endif %}">{{ message|safe }}</div>
        {% endfor %}

            <h3>Registration Form</h3>
            <div class="form-group">
                <input type="text" name="first_name" placeholder="First Name" class="form-control" required>
                <input type="text" name="last_name" placeholder="Last Name" class="form-control" required>
            </div>
            <div class="form-wrapper">
                <input type="text" name="email" placeholder="Email Address" class="form-control" required>
                <i class="zmdi zmdi-email"></i>
            </div>
            <div class="form-wrapper">
                <input type="text" name="phone" placeholder="Phone" class="form-control" required>
                <i class="zmdi zmdi-phone"></i>
            </div>
            <div class="form-wrapper">
                <input type="password" name="password1" placeholder="Password" class="form-control" required>
                <i class="zmdi zmdi-lock"></i>
            </div>
            <div class="form-wrapper">
                <input type="password" name="password2" placeholder="Confirm Password" class="form-control"
                       required>
                <i class="zmdi zmdi-lock"></i>
            </div>
            <button>Register
                <i class="zmdi zmdi-arrow-right"></i>
            </button>
        </form>
    </div>
</div>

views.py

from django.contrib import messages
from django.shortcuts import redirect, render

# User is the project's user model (its import was not shown in the post)


def register(request):
    if request.method == "POST":
        # Values are read straight from the POST body, with no server-side validation
        first_name = request.POST['first_name']
        last_name = request.POST['last_name']
        phone = request.POST['phone']
        email = request.POST['email']
        password1 = request.POST['password1']
        password2 = request.POST['password2']
        if password1 == password2:
            if User.objects.filter(phone=phone).exists():
                messages.info(request, 'Requested phone exists')
            elif User.objects.filter(email=email).exists():
                messages.info(request, 'Requested email exists')
                return redirect('register')
            else:
                user = User.objects.create_complete_user(first_name=first_name, last_name=last_name, phone=phone,
                                                         email=email, password=password1)
                user.save()
                messages.info(request, 'successfully user object is created')
                return redirect('login')
        else:
            messages.info(request, 'Passwords not matching')
        return redirect('register')
    else:
        return render(request, 'signup.html')
skhynixsk
  • 194
  • 6
  • 1
    You need to add the code in question so we are able to assess it. Otherwise we can only wild-guess. – Agey Jul 30 '19 at 13:01
  • @https://stackoverflow.com/users/473354/agey I just want to know how I can validate my form data that has to be put in the database. While I manage to register or create a user in the administrator page, it validates all the fields as it uses a UserCreationForm, but I am not using any form. I am explicitly creating the form in the template and mapping the values for database manipulation. – skhynixsk Aug 06 '19 at 10:38
  • If you want to properly validate and sanitize your data, use django forms. And use them for rendering too, using forms doesn't mean you can't keep the hand on the generated html. – bruno desthuilliers Aug 06 '19 at 11:35

2 Answers

1

The only situation I can think of for adding your forms separately from Django is when your front-end and back-end are split apart and they communicate through an API. If this is the case, you should use serializers for validation. More details here: https://www.django-rest-framework.org/api-guide/serializers/

If you have a special situation in Django and you still want to use your coded HTML form, you will also need to create a Django form that mirrors the form you made in HTML. Let's say you have the following HTML input types:

<form>
<input type="email" name="my_email">
<input type="text" name="my_text">
<input type="file" name="my_file">
</form>

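Your form in Django must be identical:

# forms
from django import forms

class Myform(forms.Form):
    my_email = forms.EmailField()
    my_text = forms.CharField()
    my_file = forms.FileField()

# view
from django.http import HttpResponse

def myview(request):
    # Bind the submitted fields and uploaded files to the form
    myform = Myform(request.POST, request.FILES)
    if myform.is_valid():
        # Cleaned and validated data
        my_email = myform.cleaned_data["my_email"]
        my_text = myform.cleaned_data["my_text"]
        my_file = myform.cleaned_data["my_file"]
        # Do here whatever you need to do with
        return HttpResponse("OK")
    # Validation failed: report the per-field errors instead of saving anything
    return HttpResponse(myform.errors.as_json(), status=400, content_type="application/json")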

Never save data that has not been validated and cleaned.

# Never do this.
def myview(request):
    my_email = request.POST["my_email"]
    request.user.email = my_email
    request.user.save()

Note: This is untested code and might not work as is. But it serves as an example of what you should do.

Agey
  • 891
  • 8
  • 17
0

Short answer: use django forms.

Longest answer: use django forms.

Proper validation / sanitization of user inputs is not trivial (if you want to do it right at least) and doing it manually you will only end up rewriting most of the existing form validation code, without the man/years of design, implementation, debugging, fixed security issues (and there are quite a few) etc you'll get from using django forms.

bruno desthuilliers
  • 75,974
  • 6
  • 88
  • 118