[py][mx]django form验证-给db减压
生活随笔
收集整理的這篇文章主要介紹了
[py][mx]django form验证-给db减压
小編覺得挺不錯的,現在分享給大家,幫大家做個參考.
django form認證-解壓db壓力
- 一般系統都需要前后端都驗證
- 前端驗證容器逃逸破解,如通過js console口去發
試想如果后端只有db驗證,那么前端無論發什么后端都查詢一次db,對db壓力太大, 所以后端 先通過form驗證,對其長度等驗證通過后才db驗證.
新建forms.py
forms.py里的字段要和前端的login表單字段name對應上
users/forms.py
from django import formsclass LoginForm(forms.Form):username = forms.CharField(required=True)password = forms.CharField(required=True)users/viewspy
from django.contrib.auth import authenticate, login from django.contrib.auth.backends import ModelBackend from django.db.models import Q from django.shortcuts import render from django.views.generic import View # Create your views here. from users.forms import LoginForm from users.models import UserProfileclass UserView(View): # 新的login view. 繼承了View類,它里面實現get post等方法, 使用類模式寫免去了函數模式的判斷def get(self, request):return render(request, "login.html", {})def post(self, request):login_form = LoginForm(request.POST) # 傳遞進來的字段先進行表單驗證,如果規則通過在進入查庫邏輯if login_form.is_valid():user_name = request.POST.get("username", "") # 字典取值,如果無,賦值為空pass_word = request.POST.get("password", "")user = authenticate(username=user_name, password=pass_word)if user is not None: # 用戶名密碼驗證成功login(request, user) # django執行用戶登錄return render(request, "index.html")else:return render(request, "login.html", {'msg': "用戶名或密碼錯誤"})else:return render(request, "login.html", {'msg': "用戶名或密碼不符合規則"})此時如果前端什么都不輸入提交
debug模式看到
返回form報錯到前端
users/views.py
class UserView(View): # 新的login view. 繼承了View類,它里面實現get post等方法, 使用類模式寫免去了函數模式的判斷def get(self, request):return render(request, "login.html", {})def post(self, request):login_form = LoginForm(request.POST) # 傳遞進來的字段先進行表單驗證,如果規則通過在進入查庫邏輯if login_form.is_valid():user_name = request.POST.get("username", "") # 字典取值,如果無,賦值為空pass_word = request.POST.get("password", "")user = authenticate(username=user_name, password=pass_word)if user is not None: # 用戶名密碼驗證成功login(request, user) # django執行用戶登錄return render(request, "index.html")else:return render(request, "login.html", {'msg': "用戶名或密碼錯誤"})else:return render(request, "login.html", {'msg': "用戶名或密碼不符合規則", "login_form": login_form}) # 將django的form驗證失敗內置信息發給前端展示用templates/login.html
<!DOCTYPE html> <html lang="en"> <head><meta charset="UTF-8"><title>login</title> </head> <body> <div><form action="/login/" method="post"><p><input type="text" name="username" placeholder="username"></p><p><input type="text" name="password" placeholder="password"></p><p><input type="submit"></p>{% csrf_token %}</form>{% if login_form.errors.username %}{% for key,value in login_form.errors.items %}{{ key }}: {{ value }}{% endfor %}{% endif %}{{ msg }} </div> </body> </html>也可以單獨把erros提取出來返回給前端, 如error_msg = user_input_obj.errors
form有2個作用: 1, 驗證 2,生成html(另一種寫法了)
if user_input_obj.is_valid():#form驗證通過...else:error_msg = user_input_obj.errorsreturn render(request, "user_list.html", {'obj': user_input_obj, 'errors': error_msg})#錯誤信息返回前端頁面:<form action="/user_list/" method="post"><p>用戶類型: {{ obj.user_type }} <span>{{ errors.user_type }}</span></p>....{% csrf_token %}</form>轉載于:https://www.cnblogs.com/iiiiiher/p/8397628.html
總結
以上是生活随笔為你收集整理的[py][mx]django form验证-给db减压的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 线程间操作无效: 从不是创建控件“but
- 下一篇: SQL Server 大数据搬迁之文件组