In Flask, in order to process web forms, we generally use the Flask-WTF extension, which encapsulates WTForms, and it has the function of validating form data ---- using Flask-WTF requires the configuration parameter SECRET_KEY ( CSRF_ENABLED is for CSRF (cross-site) Request forgery) protection. SECRET_KEY is used to generate an encrypted token. When CSRF is activated, this setting will generate an encrypted token according to the set key. Write the form directly in the HTML page).
#demo1file
#coding=utf-8
from flask import Flask,render_template ,request #render_template为模板
from config import Config
#Import the form provided by flask_wtf
from flask_wtf import FlaskForm
#Import the fields provided by the form class
from wtforms import StringField,PasswordField,SubmitField
#Import the validation function provided by the form class
from wtforms.validators import DataRequired,EqualTo
app = Flask(__name__)
# use configuration file
app.config.from_object(Config)
#requirements: registration page
#custom form class
class Form(FlaskForm):
# define form fields /input/password/submit
user = StringField(validators=[DataRequired()])
pswd = PasswordField(validators=[DataRequired(),EqualTo('psed2')])
psw2 = PasswordField(validators=[DataRequired()])
submit = SubmitField(label=u'注册')
@app.route('/',method=['GET','POST'])
def demo2():
#Instantiate the form class object
form = Form()
The #form.validata_on_submit() function will call the validator in turn. If the validator condition is satisfied, it will check whether the csrf_token is set in the form page
if form.validata_on_submit():
# get form data
us = form.user.data
ps = form.pswd.data
ps2 = form.pswd2.data
print us,ps,ps2
print form.validate_on_submit()
return render_template('login.html',form=form)
@app.route('/demo1',method=['GET','POST'])
def demo1():
#get form data
user = request.form.get('user')
pswd = request.form.get('pswd')
return render_template('login.html')
if __name__=='__main__':
app.run()
"""login.html under templates in the same level directory of demo1"""
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>{{request.merhod}}</title>
</head>
<body>
<h1>Sign up</h1>
<form method="post">
{# The essence of csrf_token is to obfuscate the parameters sent to the backend#}
{{form.csrf_token}}
<p>{{form.user}}</p>
<p>{{form.pswd}}</p>
<p>{{form.pswd2}}</p>
<p>{{form.submit}}</p>
</form>
<h2>Login</h2>
{#Handwritten input form, landing page#}
<form method="post">
<p><input type = "text" name="user" placehoder="User" size="35"></p>
<p><input type = "password" name="pswd" placehoder="Password" size="35"></p>
<p><input type="submit"></p>
</form>
</body>
</html>
"""demo1 sibling file config.py"""
class Config:
DEBUG = True
SECRET_KEY = ‘’