django form認證-解壓db壓力

• 一般系統都需要前后端都驗證
• 前端驗證容器逃逸破解,如通過js console口去發

試想如果后端只有db驗證,那么前端無論發什么后端都查詢一次db,對db壓力太大, 所以后端 先通過form驗證,對其長度等驗證通過后才db驗證.

新建forms.py

forms.py里的字段要和前端的login表單字段name對應上

users/forms.py

from django import formsclass LoginForm(forms.Form):username = forms.CharField(required=True)password = forms.CharField(required=True)

users/viewspy

from django.contrib.auth import authenticate, login from django.contrib.auth.backends import ModelBackend from django.db.models import Q from django.shortcuts import render from django.views.generic import View # Create your views here. from users.forms import LoginForm from users.models import UserProfileclass UserView(View): # 新的login view. 繼承了View類,它里面實現get post等方法, 使用類模式寫免去了函數模式的判斷def get(self, request):return render(request, "login.html", {})def post(self, request):login_form = LoginForm(request.POST) # 傳遞進來的字段先進行表單驗證,如果規則通過在進入查庫邏輯if login_form.is_valid():user_name = request.POST.get("username", "") # 字典取值,如果無,賦值為空pass_word = request.POST.get("password", "")user = authenticate(username=user_name, password=pass_word)if user is not None: # 用戶名密碼驗證成功login(request, user) # django執行用戶登錄return render(request, "index.html")else:return render(request, "login.html", {'msg': "用戶名或密碼錯誤"})else:return render(request, "login.html", {'msg': "用戶名或密碼不符合規則"})

此時如果前端什么都不輸入提交

debug模式看到

返回form報錯到前端

users/views.py

class UserView(View): # 新的login view. 繼承了View類,它里面實現get post等方法, 使用類模式寫免去了函數模式的判斷def get(self, request):return render(request, "login.html", {})def post(self, request):login_form = LoginForm(request.POST) # 傳遞進來的字段先進行表單驗證,如果規則通過在進入查庫邏輯if login_form.is_valid():user_name = request.POST.get("username", "") # 字典取值,如果無,賦值為空pass_word = request.POST.get("password", "")user = authenticate(username=user_name, password=pass_word)if user is not None: # 用戶名密碼驗證成功login(request, user) # django執行用戶登錄return render(request, "index.html")else:return render(request, "login.html", {'msg': "用戶名或密碼錯誤"})else:return render(request, "login.html", {'msg': "用戶名或密碼不符合規則", "login_form": login_form}) # 將django的form驗證失敗內置信息發給前端展示用

templates/login.html

<!DOCTYPE html> <html lang="en"> <head><meta charset="UTF-8"><title>login</title> </head> <body> <div><form action="/login/" method="post"><p><input type="text" name="username" placeholder="username"></p><p><input type="text" name="password" placeholder="password"></p><p><input type="submit"></p>{% csrf_token %}</form>{% if login_form.errors.username %}{% for key,value in login_form.errors.items %}{{ key }}: {{ value }}{% endfor %}{% endif %}{{ msg }} </div> </body> </html>

也可以單獨把erros提取出來返回給前端, 如error_msg = user_input_obj.errors

form有2個作用: 1, 驗證 2,生成html(另一種寫法了)

if user_input_obj.is_valid():#form驗證通過...else:error_msg = user_input_obj.errorsreturn render(request, "user_list.html", {'obj': user_input_obj, 'errors': error_msg})#錯誤信息返回前端頁面:<form action="/user_list/" method="post"><p>用戶類型: {{ obj.user_type }} <span>{{ errors.user_type }}</span></p>....{% csrf_token %}</form>

轉載于:https://www.cnblogs.com/iiiiiher/p/8397628.html

總結

以上是生活随笔為你收集整理的[py][mx]django form验证-给db减压的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。