.. _obsolete-forms: =============================== Forms, fields, and manipulators =============================== Forwards-compatibility note =========================== The legacy forms/manipulators system described in this document is going to be replaced in the next Django release. If you're starting from scratch, we strongly encourage you not to waste your time learning this. Instead, learn and use the new :ref:`forms library `. Introduction ============ Once you've got a chance to play with Django's admin interface, you'll probably wonder if the fantastic form validation framework it uses is available to user code. It is, and this document explains how the framework works. We'll take a top-down approach to examining Django's form validation framework, because much of the time you won't need to use the lower-level APIs. Throughout this document, we'll be working with the following model, a "place" object:: from django.db import models PLACE_TYPES = ( (1, 'Bar'), (2, 'Restaurant'), (3, 'Movie Theater'), (4, 'Secret Hideout'), ) class Place(models.Model): name = models.CharField(max_length=100) address = models.CharField(max_length=100, blank=True) city = models.CharField(max_length=50, blank=True) state = models.USStateField() zip_code = models.CharField(max_length=5, blank=True) place_type = models.IntegerField(choices=PLACE_TYPES) class Admin: pass def __unicode__(self): return self.name Defining the above class is enough to create an admin interface to a ``Place``, but what if you want to allow public users to submit places? Automatic Manipulators ====================== The highest-level interface for object creation and modification is the **automatic Manipulator** framework. An automatic manipulator is a utility class tied to a given model that "knows" how to create or modify instances of that model and how to validate data for the object. Automatic Manipulators come in two flavors: ``AddManipulators`` and ``ChangeManipulators``. Functionally they are quite similar, but the former knows how to create new instances of the model, while the latter modifies existing instances. Both types of classes are automatically created when you define a new class:: >>> from mysite.myapp.models import Place >>> Place.AddManipulator >>> Place.ChangeManipulator Using the ``AddManipulator`` ---------------------------- We'll start with the ``AddManipulator``. Here's a very simple view that takes POSTed data from the browser and creates a new ``Place`` object:: from django.shortcuts import render_to_response from django.http import Http404, HttpResponse, HttpResponseRedirect from django import oldforms as forms from mysite.myapp.models import Place def naive_create_place(request): """A naive approach to creating places; don't actually use this!""" # Create the AddManipulator. manipulator = Place.AddManipulator() # Make a copy of the POSTed data so that do_html2python can # modify it in place (request.POST is immutable). new_data = request.POST.copy() # Convert the request data (which will all be strings) into the # appropriate Python types for those fields. manipulator.do_html2python(new_data) # Save the new object. new_place = manipulator.save(new_data) # It worked! return HttpResponse("Place created: %s" % new_place) The ``naive_create_place`` example works, but as you probably can tell, this view has a number of problems: * No validation of any sort is performed. If, for example, the ``name`` field isn't given in ``request.POST``, the save step will cause a database error because that field is required. Ugly. * Even if you *do* perform validation, there's still no way to give that information to the user in any sort of useful way. * You'll have to separately create a form (and view) that submits to this page, which is a pain and is redundant. Let's dodge these problems momentarily to take a look at how you could create a view with a form that submits to this flawed creation view:: def naive_create_place_form(request): """Simplistic place form view; don't actually use anything like this!""" # Create a FormWrapper object that the template can use. Ignore # the last two arguments to FormWrapper for now. form = forms.FormWrapper(Place.AddManipulator(), {}, {}) return render_to_response('places/naive_create_form.html', {'form': form}) (This view, as well as all the following ones, has the same imports as in the first example above.) The ``forms.FormWrapper`` object is a wrapper that templates can easily deal with to create forms. Here's the ``naive_create_form.html`` template:: {% extends "base.html" %} {% block content %}

Create a place:

{{ form.name }}

{{ form.address }}

{{ form.city }}

{{ form.state }}

{{ form.zip_code }}

{{ form.place_type }}

{% endblock %} Before we get back to the problems with these naive set of views, let's go over some salient points of the above template: * Field "widgets" are handled for you: ``{{ form.field }}`` automatically creates the "right" type of widget for the form, as you can see with the ``place_type`` field above. * There isn't a way just to spit out the form. You'll still need to define how the form gets laid out. This is a feature: Every form should be designed differently. Django doesn't force you into any type of mold. If you must use tables, use tables. If you're a semantic purist, you can probably find better HTML than in the above template. * To avoid name conflicts, the ``id`` values of form elements take the form "id_*fieldname*". By creating a creation form we've solved problem number 3 above, but we still don't have any validation. Let's revise the validation issue by writing a new creation view that takes validation into account:: def create_place_with_validation(request): manipulator = Place.AddManipulator() new_data = request.POST.copy() # Check for validation errors errors = manipulator.get_validation_errors(new_data) manipulator.do_html2python(new_data) if errors: return render_to_response('places/errors.html', {'errors': errors}) else: new_place = manipulator.save(new_data) return HttpResponse("Place created: %s" % new_place) In this new version, errors will be found -- ``manipulator.get_validation_errors`` handles all the validation for you -- and those errors can be nicely presented on an error page (templated, of course):: {% extends "base.html" %} {% block content %}

Please go back and correct the following error{{ errors|pluralize }}:

    {% for e in errors.items %}
  • Field "{{ e.0 }}": {{ e.1|join:", " }}
    • {% endfor %}
{% endblock %} Still, this has its own problems: * There's still the issue of creating a separate (redundant) view for the submission form. * Errors, though nicely presented, are on a separate page, so the user will have to use the "back" button to fix errors. That's ridiculous and unusable. The best way to deal with these issues is to collapse the two views -- the form and the submission -- into a single view. This view will be responsible for creating the form, validating POSTed data, and creating the new object (if the data is valid). An added bonus of this approach is that errors and the form will both be available on the same page, so errors with fields can be presented in context. .. admonition:: Philosophy: Finally, for the HTTP purists in the audience (and the authorship), this nicely matches the "true" meanings of HTTP GET and HTTP POST: GET fetches the form, and POST creates the new object. Below is the finished view:: def create_place(request): manipulator = Place.AddManipulator() if request.method == 'POST': # If data was POSTed, we're trying to create a new Place. new_data = request.POST.copy() # Check for errors. errors = manipulator.get_validation_errors(new_data) manipulator.do_html2python(new_data) if not errors: # No errors. This means we can save the data! new_place = manipulator.save(new_data) # Redirect to the object's "edit" page. Always use a redirect # after POST data, so that reloads don't accidentally create # duplicate entries, and so users don't see the confusing # "Repost POST data?" alert box in their browsers. return HttpResponseRedirect("/places/edit/%i/" % new_place.id) else: # No POST, so we want a brand new form without any data or errors. errors = new_data = {} # Create the FormWrapper, template, context, response. form = forms.FormWrapper(manipulator, new_data, errors) return render_to_response('places/create_form.html', {'form': form}) and here's the ``create_form`` template:: {% extends "base.html" %} {% block content %}

Create a place:

{% if form.has_errors %}

Please correct the following error{{ form.error_dict|pluralize }}:

{% endif %}

{{ form.name }} {% if form.name.errors %}*** {{ form.name.errors|join:", " }}{% endif %}

{{ form.address }} {% if form.address.errors %}*** {{ form.address.errors|join:", " }}{% endif %}

{{ form.city }} {% if form.city.errors %}*** {{ form.city.errors|join:", " }}{% endif %}

{{ form.state }} {% if form.state.errors %}*** {{ form.state.errors|join:", " }}{% endif %}

{{ form.zip_code }} {% if form.zip_code.errors %}*** {{ form.zip_code.errors|join:", " }}{% endif %}

{{ form.place_type }} {% if form.place_type.errors %}*** {{ form.place_type.errors|join:", " }}{% endif %}

{% endblock %} The second two arguments to ``FormWrapper`` (``new_data`` and ``errors``) deserve some mention. The first is any "default" data to be used as values for the fields. Pulling the data from ``request.POST``, as is done above, makes sure that if there are errors, the values the user put in aren't lost. If you try the above example, you'll see this in action. The second argument is the error list retrieved from ``manipulator.get_validation_errors``. When passed into the ``FormWrapper``, this gives each field an ``errors`` item (which is a list of error messages associated with the field) as well as a ``html_error_list`` item, which is a ``
    `` of error messages. The above template uses these error items to display a simple error message next to each field. The error list is saved as an ``error_dict`` attribute of the ``FormWrapper`` object. Using the ``ChangeManipulator`` ------------------------------- The above has covered using the ``AddManipulator`` to create a new object. What about editing an existing one? It's shockingly similar to creating a new one:: def edit_place(request, place_id): # Get the place in question from the database and create a # ChangeManipulator at the same time. try: manipulator = Place.ChangeManipulator(place_id) except Place.DoesNotExist: raise Http404 # Grab the Place object in question for future use. place = manipulator.original_object if request.method == 'POST': new_data = request.POST.copy() errors = manipulator.get_validation_errors(new_data) manipulator.do_html2python(new_data) if not errors: manipulator.save(new_data) # Do a post-after-redirect so that reload works, etc. return HttpResponseRedirect("/places/edit/%i/" % place.id) else: errors = {} # This makes sure the form accurate represents the fields of the place. new_data = manipulator.flatten_data() form = forms.FormWrapper(manipulator, new_data, errors) return render_to_response('places/edit_form.html', {'form': form, 'place': place}) The only real differences are: * We create a ``ChangeManipulator`` instead of an ``AddManipulator``. The argument to a ``ChangeManipulator`` is the ID of the object to be changed. As you can see, the initializer will raise an ``ObjectDoesNotExist`` exception if the ID is invalid. * ``ChangeManipulator.original_object`` stores the instance of the object being edited. * We set ``new_data`` based upon ``flatten_data()`` from the manipulator. ``flatten_data()`` takes the data from the original object under manipulation, and converts it into a data dictionary that can be used to populate form elements with the existing values for the object. * The above example uses a different template, so create and edit can be "skinned" differently if needed, but the form chunk itself is completely identical to the one in the create form above. The astute programmer will notice the add and create functions are nearly identical and could in fact be collapsed into a single view. This is left as an exercise for said programmer. (However, the even-more-astute programmer will take heed of the note at the top of this document and check out the :ref:`generic views ` documentation if all she wishes to do is this type of simple create/update.) Custom forms and manipulators ============================= All the above is fine and dandy if you just want to use the automatically created manipulators. But the coolness doesn't end there: You can easily create your own custom manipulators for handling custom forms. Custom manipulators are pretty simple. Here's a manipulator that you might use for a "contact" form on a website:: from django import oldforms as forms urgency_choices = ( (1, "Extremely urgent"), (2, "Urgent"), (3, "Normal"), (4, "Unimportant"), ) class ContactManipulator(forms.Manipulator): def __init__(self): self.fields = ( forms.EmailField(field_name="from", is_required=True), forms.TextField(field_name="subject", length=30, max_length=200, is_required=True), forms.SelectField(field_name="urgency", choices=urgency_choices), forms.LargeTextField(field_name="contents", is_required=True), ) A certain similarity to Django's models should be apparent. The only required method of a custom manipulator is ``__init__`` which must define the fields present in the manipulator. See the ``django.forms`` module for all the form fields provided by Django. You use this custom manipulator exactly as you would use an auto-generated one. Here's a simple function that might drive the above form:: def contact_form(request): manipulator = ContactManipulator() if request.method == 'POST': new_data = request.POST.copy() errors = manipulator.get_validation_errors(new_data) manipulator.do_html2python(new_data) if not errors: # Send e-mail using new_data here... return HttpResponseRedirect("/contact/thankyou/") else: errors = new_data = {} form = forms.FormWrapper(manipulator, new_data, errors) return render_to_response('contact_form.html', {'form': form}) Implementing ``flatten_data`` for custom manipulators ------------------------------------------------------ It is possible (although rarely needed) to replace the default automatically created manipulators on a model with your own custom manipulators. If you do this and you are intending to use those models in generic views, you should also define a ``flatten_data`` method in any ``ChangeManipulator`` replacement. This should act like the default ``flatten_data`` and return a dictionary mapping field names to their values, like so:: def flatten_data(self): obj = self.original_object return dict( from = obj.from, subject = obj.subject, ... ) In this way, your new change manipulator will act exactly like the default version. ``FileField`` and ``ImageField`` special cases ============================================== Dealing with ``FileField`` and ``ImageField`` objects is a little more complicated. First, you'll need to make sure that your ``
    `` element correctly defines the ``enctype`` as ``"multipart/form-data"``, in order to upload files:: Next, you'll need to treat the field in the template slightly differently. A ``FileField`` or ``ImageField`` is represented by *two* HTML form elements. For example, given this field in a model:: photo = model.ImageField('/path/to/upload/location') You'd need to display two formfields in the template::

    {{ form.photo }}{{ form.photo_file }}

    The first bit (``{{ form.photo }}``) displays the currently-selected file, while the second (``{{ form.photo_file }}``) actually contains the file upload form field. Thus, at the validation layer you need to check the ``photo_file`` key. Finally, in your view, make sure to access ``request.FILES``, rather than ``request.POST``, for the uploaded files. This is necessary because ``request.POST`` does not contain file-upload data. For example, following the ``new_data`` convention, you might do something like this:: new_data = request.POST.copy() new_data.update(request.FILES) Validators ========== One useful feature of manipulators is the automatic validation. Validation is done using a simple validation API: A validator is a callable that raises a ``ValidationError`` if there's something wrong with the data. ``django.core.validators`` defines a host of validator functions (see below), but defining your own couldn't be easier:: from django.core import validators from django import oldforms as forms class ContactManipulator(forms.Manipulator): def __init__(self): self.fields = ( # ... snip fields as above ... forms.EmailField(field_name="to", validator_list=[self.isValidToAddress]) ) def isValidToAddress(self, field_data, all_data): if not field_data.endswith("@example.com"): raise validators.ValidationError("You can only send messages to example.com e-mail addresses.") Above, we've added a "to" field to the contact form, but required that the "to" address end with "@example.com" by adding the ``isValidToAddress`` validator to the field's ``validator_list``. The arguments to a validator function take a little explanation. ``field_data`` is the value of the field in question, and ``all_data`` is a dictionary of all the data being validated. .. admonition:: Note:: At the point validators are called all data will still be strings (as ``do_html2python`` hasn't been called yet). Also, because consistency in user interfaces is important, we strongly urge you to put punctuation at the end of your validation messages. When are validators called? --------------------------- After a form has been submitted, Django validates each field in turn. First, if the field is required, Django checks that it is present and non-empty. Then, if that test passes *and the form submission contained data* for that field, all the validators for that field are called in turn. The emphasized portion in the last sentence is important: if a form field is not submitted (because it contains no data -- which is normal HTML behavior), the validators are not run against the field. This feature is particularly important for models using ``models.BooleanField`` or custom manipulators using things like ``forms.CheckBoxField``. If the checkbox is not selected, it will not contribute to the form submission. If you would like your validator to run *always*, regardless of whether its attached field contains any data, set the ``always_test`` attribute on the validator function. For example:: def my_custom_validator(field_data, all_data): # ... my_custom_validator.always_test = True This validator will always be executed for any field it is attached to. Ready-made validators --------------------- Writing your own validator is not difficult, but there are some situations that come up over and over again. Django comes with a number of validators that can be used directly in your code. All of these functions and classes reside in ``django/core/validators.py``. The following validators should all be self-explanatory. Each one provides a check for the given property: * isAlphaNumeric * isAlphaNumericURL * isSlug * isLowerCase * isUpperCase * isCommaSeparatedIntegerList * isCommaSeparatedEmailList * isValidIPAddress4 * isNotEmpty * isOnlyDigits * isNotOnlyDigits * isInteger * isOnlyLetters * isValidANSIDate * isValidANSITime * isValidEmail * isValidFloat * isValidImage * isValidImageURL * isValidPhone * isValidQuicktimeVideoURL * isValidURL * isValidHTML * isWellFormedXml * isWellFormedXmlFragment * isExistingURL * isValidUSState * hasNoProfanities There are also a group of validators that are slightly more flexible. For these validators, you create a validator instance, passing in the parameters described below. The returned object is a callable that can be used as a validator. For example:: from django.core import validators from django import oldforms as forms power_validator = validators.IsAPowerOf(2) class InstallationManipulator(forms.Manipulator) def __init__(self): self.fields = ( ... forms.IntegerField(field_name = "size", validator_list=[power_validator]) ) Here, ``validators.IsAPowerOf(...)`` returned something that could be used as a validator (in this case, a check that a number was a power of 2). Each of the standard validators that take parameters have an optional final argument (``error_message``) that is the message returned when validation fails. If no message is passed in, a default message is used. ``AlwaysMatchesOtherField`` Takes a field name and the current field is valid if and only if its value matches the contents of the other field. ``ValidateIfOtherFieldEquals`` Takes three parameters: ``other_field``, ``other_value`` and ``validator_list``, in that order. If ``other_field`` has a value of ``other_value``, then the validators in ``validator_list`` are all run against the current field. ``RequiredIfOtherFieldGiven`` Takes a field name of the current field is only required if the other field has a value. ``RequiredIfOtherFieldsGiven`` Similar to ``RequiredIfOtherFieldGiven``, except that it takes a list of field names and if any one of the supplied fields has a value provided, the current field being validated is required. ``RequiredIfOtherFieldNotGiven`` Takes the name of the other field and this field is only required if the other field has no value. ``RequiredIfOtherFieldEquals`` and ``RequiredIfOtherFieldDoesNotEqual`` Each of these validator classes takes a field name and a value (in that order). If the given field does (or does not have, in the latter case) the given value, then the current field being validated is required. An optional ``other_label`` argument can be passed which, if given, is used in error messages instead of the value. This allows more user friendly error messages if the value itself is not descriptive enough. Note that because validators are called before any ``do_html2python()`` functions, the value being compared against is a string. So ``RequiredIfOtherFieldEquals('choice', '1')`` is correct, whilst ``RequiredIfOtherFieldEquals('choice', 1)`` will never result in the equality test succeeding. ``IsLessThanOtherField`` Takes a field name and validates that the current field being validated has a value that is less than (or equal to) the other field's value. Again, comparisons are done using strings, so be cautious about using this function to compare data that should be treated as another type. The string "123" is less than the string "2", for example. If you don't want string comparison here, you will need to write your own validator. ``NumberIsInRange`` Takes two boundary numbers, ``lower`` and ``upper``, and checks that the field is greater than ``lower`` (if given) and less than ``upper`` (if given). Both checks are inclusive. That is, ``NumberIsInRange(10, 20)`` will allow values of both 10 and 20. This validator only checks numeric values (e.g., float and integer values). ``IsAPowerOf`` Takes an integer argument and when called as a validator, checks that the field being validated is a power of the integer. ``IsValidDecimal`` Takes a maximum number of digits and number of decimal places (in that order) and validates whether the field is a decimal with no more than the maximum number of digits and decimal places. ``MatchesRegularExpression`` Takes a regular expression (a string) as a parameter and validates the field value against it. ``AnyValidator`` Takes a list of validators as a parameter. At validation time, if the field successfully validates against any one of the validators, it passes validation. The validators are tested in the order specified in the original list. ``URLMimeTypeCheck`` Used to validate URL fields. Takes a list of MIME types (such as ``text/plain``) at creation time. At validation time, it verifies that the field is indeed a URL and then tries to retrieve the content at the URL. Validation succeeds if the content could be retrieved and it has a content type from the list used to create the validator. ``RelaxNGCompact`` Used to validate an XML document against a Relax NG compact schema. Takes a file path to the location of the schema and an optional root element (which is wrapped around the XML fragment before validation, if supplied). At validation time, the XML fragment is validated against the schema using the executable specified in the ``JING_PATH`` setting (see the :ref:`settings ` document for more details).