7 Forms, user data, static files, and uploads
This chapter covers
- Writing views that handle form submissions
- Using the
Formclass to write web forms - Cross-site request forgery (CSRF) protection
- Using the
ModelFormto create forms based onModelclasses - Writing views that handle file uploads
- Providing access to both uploaded and static files
This chapter covers content handled by your website over and above a simple view. It starts out by showing you how to receive user input data through web forms, and then it moves on to dealing with files. Files can be uploaded by your users, and if they are, those same files can be downloaded or shown on a page. There are also files you include in your site that aren’t served by Django: CSS, images, JavaScript, and more. This chapter covers how to deal with user data and all kinds of file input and output as well as how to do it to manage it all securely.
7.1 Web forms
In the previous chapter, you took the first steps toward having self-serve user features in RiffMates. And although it wasn’t explicitly called out, you started using web forms. The login page is a web form with two fields: Username and Password. Submitting this form gets handled by a built-in Django view, which adds data to the user’s session, indicating they are authenticated. The mechanisms the login view uses are built on top of the tools available to you as a programmer. With them, you can build your own forms and have users submit data to your site.