Template definition:
(1) Variable : The data passed by the view to the template
Variable names follow the identifier rules. Syntax: {{var}}
Note: 1. If the variable used does not exist, an empty string is inserted
2. Dot syntax in templates: the part after the dot is looked up as a dictionary key, an attribute, or a method, e.g. {{stu.name}}
3. Object methods can be called in templates. Note: parameters cannot be passed
(2) Tag
Syntax: {% tag %}
What it does: creates text in the output, controls logic and loops
1) if
Format: {% if expression %} statement {% endif %}
or: {% if expression1 %} statement1 {% elif expression2 %} statement2 {% endif %}
2) for
Format:
① {% for variable in list %} statement {% endfor %}
② {% for variable in list %} statement {% empty %} statement2 {% endfor %} (statement2 is executed when the list is empty or does not exist)
③ {{forloop.counter}}: the number of the current iteration of the loop
Example:
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Student Information</title>
</head>
<body>
    <h1>Student List</h1>
    <ul>
        {% for student in students %}
        <li>
            {{forloop.counter}}--{{student.sname}}--{{student.scontend}}
        </li>
        {% empty %}
        <li>There are currently no students</li>
        {% endfor %}
    </ul>
</body>
</html>
3) comment
Format: {% comment %} the content of the comment {% endcomment %}
Purpose: comment out multiple lines
4) ifequal / ifnotequal
Similar to if. Purpose: test whether two values are equal / not equal
Format: {% ifequal value1 value2 %} statement {% endifequal %}
Explanation: if value1 is equal to value2, the statement is executed.
5) include: load a template and render it with the parameters given in the tag
Format: {% include 'template path' with parameter1=value1 parameter2=value2 %}
6) url: reverse URL resolution
Format: {% url 'namespace:name' p1 p2 %}
7) csrf_token
Purpose: cross-site request forgery protection
Format: {% csrf_token %}
8) block, extends: template inheritance
9) autoescape: controls HTML escaping
(3) Filter:
Syntax: {{ var|filter }}
Effect: transforms the variable's value before it is displayed
Example : views.py
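from django.shortcuts import render
from .models import Students  # assumes the model is defined in this app's models.py

def students(request):
    studentsList = Students.objects.all()
    # 'str' is a plain string passed alongside the student list
    return render(request, 'myApp/students.html', {"students": studentsList, 'str': 'good man'})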
Pass in a string str
In Students.html
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Student Information</title>
</head>
<body>
    <h1>Student List</h1>
    <ul>
        {% for student in students %}
        <li>
            {{forloop.counter}}--{{student.sname}}--{{student.scontend}}
        </li>
        {% empty %}
        <li>There are currently no students</li>
        {% endfor %}
    </ul>
    <h1>{{str|upper}}</h1>
</body>
</html>
Here the filter outputs the characters of str in uppercase; it does not modify the variable itself.
It is equivalent to producing a new value for display.
Available filters include: lower (lowercase), upper (uppercase)
Filters can take a parameter, which is enclosed in quotes
* join: format: {{ list|join:'#' }}
Example : views.py
def students(request):
    studentsList = Students.objects.all()
    return render(request, 'myApp/students.html', {"students": studentsList, 'str': 'good man', 'list': ['good', 'nice', 'handsome']})
Add to Students.html :
<h1>{{list|join:'#'}}</h1>
Result: good#nice#handsome
If a variable is not provided, or its value is False or empty, a default value can be used:
* default: format: {{var|default:'good'}}
Example: <h1> {{test|default:' none '}} </h1>
* date: convert a date to a string according to the given format
Format: {{dateVal|date:'y-m-d'}}
* HTML escape: escape
* Addition, subtraction, multiplication and division:
<h1>num = {{num|add:10}}</h1> <!-- add 10 -->
<h1>num = {{num|add:-5}}</h1> <!-- subtract 5 -->
<h1>num = {% widthratio num 1 5 %}</h1> <!-- multiply by 5 -->
<h1>num = {% widthratio num 2 1 %}</h1> <!-- divide by 2 -->
Example: color odd and even rows differently
<ul>
    {% for student in students %}
    {% if forloop.counter|divisibleby:2 %}
    <li style="color:red">
        {{forloop.counter}}--{{student.sname}}--{{student.scontend}}
    </li>
    {% else %}
    <li style="color:blue">
        {{forloop.counter}}--{{student.sname}}--{{student.scontend}}
    </li>
    {% endif %}
    {% empty %}
    <li>There are currently no students</li>
    {% endfor %}
</ul>
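(4) Comments
1) Single-line comment
{# content #}
2) Multi-line comment
<!-- Content -->
(This is an HTML comment: unlike {# #} and {% comment %}, it is still sent to the browser and is visible in the page source)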
Template inheritance
Template inheritance reduces repeated definitions of page content and makes pages reusable
block tag: reserves an area in the parent template, to be filled in by the child template
Usage: {% block tag name %}
{% endblock tag name %}
extends tag: inherits from a template; it must be written on the first line of the template file
Usage: {% extends parent template path %}
Example:
In Base.html
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
    <style>
        #header{
            width: 100%;
            height: 100px;
            background-color: red;
        }
        #footer{
            width: 100%;
            height: 100px;
            background-color: blue;
        }
    </style>
</head>
<body>
    <div id="header">header</div>
    <div id="main">
        {% block main %}
        {% endblock main %}
    </div>
    <div id="footer">footer</div>
</body>
</html>
Main2.html page
{% extends 'myApp/base.html' %}
{% block main %}
<h1>Good job!</h1>
{% endblock main %}
HTML escaping
Suppose the view function passes in <h1> sunck is a good man!</h1>
The page still shows the literal text <h1> sunck is a good man!</h1>
because the value is passed in as a string and is escaped
Solution: have the passed-in characters treated as HTML code
Default (escaped): {{code}}
Rendered as HTML (not escaped): {{code|safe}}
To handle many variables at once, use autoescape: off disables escaping (values are rendered as HTML), on enables escaping
{% autoescape off%}
{{code}}
{% endautoescape %}
CSRF
Cross-site request forgery: a malicious website contains links, forms, buttons or JavaScript that make use of the logged-in user's authentication in the browser to attack the service (for example, a form POSTed from a different origin that reaches the database and causes damage)
To prevent CSRF:
① Add 'django.middleware.csrf.CsrfViewMiddleware' to MIDDLEWARE in the settings.py file
(With the middleware enabled, your own POST forms are blocked as well unless they carry the token)
② Add {% csrf_token %} to the form, but this does not give absolute security (the token can be read from the page it is rendered into)