(1) Data paging
You can refer to https://docs.djangoproject.com/en/2.0/topics/pagination/
Template: If only 1, 2, 3, 4, 5, 6. are displayed. . . If so, just add lines 8, 9, and 10 to the template.
1 <span class = " step-links " > 2 { #If there is a previous page, return true #} 3 { % if posts.has_previous % } 4 <a href= " ?page=1 " >«homepage</ a a> 5 <a href= " /blog/?page={{ posts.previous_page_number }} " >previous page</a> 6 {% endif %}</span> 7 { # posts.paginator.page_range return page number The iterable range, such as 5 pages, is the same as range(1,5). [1,2,3, post_num in posts.paginator.page_range %} 9 <a href="/blog/?page={{ post_num }}">{{ post_num }}</a> 10 {% endfor %} 11 <span class="current"> 12 {# 如果有下一页,返回true#} 13 {% if posts.has_next %} 14 <a href="/blog/?page={{ posts.next_page_number }}">下一页</a> 15 <a href="/blog/?page={{ posts.paginator.num_pages }}">尾页 »</a> 16 {% endif %} 17 </span> 18 <span class="current"> 19 Page {{ posts.number }} of {{ posts.paginator.num_pages }} 20 </span>
View function (views.py):
1 from blog.models import BlogPost 2 from django.core.paginator import Paginator, EmptyPage, PageNotAnInteger 3 4 #Get blog information and render it on the page 5 def archive(request): 6 #Get all the data of BlogPost and sort it in reverse order by timestamp , if the timestamp is the same, it will be sorted by title 7 all_posts = BlogPost.objects.all().order_by( ' -timestamp ' , ' title ' ) 8 #Instantiate Paginator, limit the display of 10 pieces of data per page 9 paginator = Paginator(all_posts, 10 ) 10 #Get the page number selected by the user 11 page = request.GET.get( ' page ' ) 12 try : 13 posts = paginator.page(page) #Get the data of the page page 14 except PageNotAnInteger: #Get the first page if the page number is not an integer Data 15 posts = paginator.page(1 ) 16 except EmptyPage: #Exceed the maximum page number, get the data of the last page 17 posts = paginator.page(paginator.num_pages) 18 # return render_to_response('archive.html', {'posts ': posts,'form':BlogPostForm},RequestContext(request)) 19 return render(request,'archive.html',{'posts': posts,})
(2) Cross-Site Request Forgery (CSRF)
Insecure request methods such as POST, PUT, and DELATE are not allowed to attack through cross-site request forgery . You can refer to https://docs.djangoproject.com/en/2.0/ref/csrf/
1. The 'django.middleware.csrf.CsrfViewMiddleware' in the MIDDLEWARE list of settings.py under the project file is not commented (django 2.0.5 is enabled by default)
2. Add {% csrf_token %} after the <form> tag of the template file , for example: the last one in the first line is enough
1 <form action="/blog/create/" method="post">{% csrf_token %} 2 <table>{{ form }}</table><br> 3 <input type=submit> 4 </form>
3. Change the request type to RequestContext
1 from django.shortcuts import render,render_to_response 2 from blog.models import BlogPost ,BlogPostForm 3 from django.template import RequestContext 4 5 #Get blog information and render it on the page 6 def archive(request): 7 posts = BlogPost.objects. all().order_by( ' -timestamp ' , ' title ' ) 8 return render_to_response( ' archive.html ' , { ' posts ' : posts,'form':BlogPostForm},RequestContext(request))
One way of django documentation should be the above way of writing render_to_response('archive.html', {'posts': posts, 'form':BlogPostForm}, RequestContext(request)), but I tried it to no avail, You can change the render function later (the request type of the render function is the same RequestContext
, so there is no need to specify it separately)
from django.shortcuts import render from blog.models import BlogPost,BlogPostForm #Get blog information and render it on the page def archive(request): posts = BlogPost.objects.all().order_by('-timestamp','title') return render(request,'archive.html',{'posts': posts,'form':BlogPostForm})