[py][mx] Django form validation: taking load off the DB

Django form validation: relieving pressure on the DB

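  • Most systems need validation on both the front end and the back end
  • Front-end validation is easy to bypass, for example by sending the request from the JS console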

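Imagine the back end validated only against the DB: whatever the front end sends, the back end would run a DB query, which puts too much pressure on the DB. So the back end validates with a form first, and only after checks such as length pass does it go on to the DB check.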

Create forms.py

The fields in forms.py must match the name attributes of the fields in the front-end login form

users/forms.py

from django import forms


class LoginForm(forms.Form):
    username = forms.CharField(required=True)
    password = forms.CharField(required=True)

users/views.py

from django.contrib.auth import authenticate, login
from django.contrib.auth.backends import ModelBackend
from django.db.models import Q
from django.shortcuts import render
from django.views.generic import View
# Create your views here.
from users.forms import LoginForm
from users.models import UserProfile


class UserView(View):  # New login view. Inherits from View, which provides get/post etc.; the class-based style avoids the method checks a function-based view needs
    def get(self, request):
        return render(request, "login.html", {})

    def post(self, request):
        login_form = LoginForm(request.POST)  # Validate the submitted fields with the form first; only if the rules pass do we enter the DB lookup logic
        if login_form.is_valid():
            user_name = request.POST.get("username", "")  # dict lookup; falls back to an empty string if missing
            pass_word = request.POST.get("password", "")
            user = authenticate(username=user_name, password=pass_word)
            if user is not None:  # username and password verified
                login(request, user)  # Django logs the user in
                return render(request, "index.html")
            else:
                return render(request, "login.html", {'msg': "用户名或密码错误"})  # msg: "incorrect username or password"
        else:
            return render(request, "login.html", {'msg': "用户名或密码不符合规则"})  # msg: "username or password does not meet the rules"

Now, if the front end submits the form with nothing entered

In debug mode you can see

Returning the form errors to the front end

users/views.py

class UserView(View):  # New login view. Inherits from View, which provides get/post etc.; the class-based style avoids the method checks a function-based view needs
    def get(self, request):
        return render(request, "login.html", {})

    def post(self, request):
        login_form = LoginForm(request.POST)  # Validate the submitted fields with the form first; only if the rules pass do we enter the DB lookup logic
        if login_form.is_valid():
            user_name = request.POST.get("username", "")  # dict lookup; falls back to an empty string if missing
            pass_word = request.POST.get("password", "")
            user = authenticate(username=user_name, password=pass_word)
            if user is not None:  # username and password verified
                login(request, user)  # Django logs the user in
                return render(request, "index.html")
            else:
                return render(request, "login.html", {'msg': "用户名或密码错误"})  # msg: "incorrect username or password"
        else:
            return render(request, "login.html", {'msg': "用户名或密码不符合规则", "login_form": login_form})  # pass Django's built-in form validation errors to the front end for display

templates/login.html

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>login</title>
</head>
<body>
<div>
    <form action="/login/" method="post">
        <p><input type="text" name="username" placeholder="username"></p>
        <p><input type="password" name="password" placeholder="password"></p>
        <p><input type="submit"></p>
        {% csrf_token %}
    </form>
    {% if login_form.errors %}
        {% for key,value in login_form.errors.items %}
            {{ key }}: {{ value }}
        {% endfor %}
    {% endif %}
    {{ msg }}
</div>
</body>
</html>

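You can also pull the errors out separately and return them to the front end, e.g. error_msg = user_input_obj.errors

A form serves two purposes: 1. validation; 2. generating HTML (an alternative way of writing the template)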

        if user_input_obj.is_valid():  # form validation passed
            ...

        else:
            error_msg = user_input_obj.errors
            return render(request, "user_list.html", {'obj': user_input_obj, 'errors': error_msg})  # return the error messages




Front-end page:
    <form action="/user_list/" method="post">
        <p>用户类型: {{ obj.user_type }} <span>{{ errors.user_type }}</span></p>
         ....
        {% csrf_token %}
    </form>
posted @ 2018-02-01 10:09  mmaotai