Boston Python Workshop/Saturday/Web app project: Difference between revisions

imported>Paulproteus
 
* The above template displays a radio button for each poll choice. The value of each radio button is the associated poll choice's ID. The name of each radio button is "choice". That means, when somebody selects one of the radio buttons and submits the form, the form submission will represent the Python dictionary {'choice': '3'}. That's the basics of HTML forms; you can learn more about them.
* We set the form's action to <pre>/polls/{{ poll.id }}/vote/</pre>, and we set method="post". Normal web pages are requested using ''GET'', but the standards for HTTP indicate that if you are changing data on the server, you must use the ''POST'' method. (Whenever you create a form that alters data server-side, use method="post". This tip isn't specific to Django; it's just good Web development practice.)
* Since we're creating a POST form (which can have the effect of modifying data), we need to worry about Cross Site Request Forgeries. Thankfully, you don't have to worry too hard, because Django comes with a very easy-to-use system for protecting against them. In short, all POST forms that are targeted at internal URLs should use the {% csrf_token %} template tag.
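
To see why the token matters, here is an added sketch (not part of the workshop handout and not Django's own code) of the kind of check that {% csrf_token %} makes possible, reduced to comparing a cookie with a hidden form field using only the standard library. The function names are hypothetical, and Django's real middleware does more than this simplified comparison.

```python
import hmac
import html
import secrets
from urllib.parse import parse_qs


def issue_csrf_cookie():
    """Random secret the server stores in the visitor's 'csrftoken' cookie."""
    return secrets.token_urlsafe(32)


def render_vote_form(poll_id, choices, csrf_cookie):
    """Build the POST form; the hidden field stands in for {% csrf_token %}."""
    radios = "\n".join(
        f'<input type="radio" name="choice" value="{cid}"> {html.escape(label)}<br>'
        for cid, label in choices
    )
    return (
        f'<form action="/polls/{poll_id}/vote/" method="post">\n'
        f'<input type="hidden" name="csrfmiddlewaretoken" value="{csrf_cookie}">\n'
        f'{radios}\n<input type="submit" value="Vote">\n</form>'
    )


def handle_vote(method, cookies, body):
    """Return (status, message) for a request to /polls/<id>/vote/."""
    if method != "POST":
        return 405, "votes must be submitted with POST"
    form = {k: v[0] for k, v in parse_qs(body).items()}
    cookie = cookies.get("csrftoken", "")
    token = form.get("csrfmiddlewaretoken", "")
    # Constant-time comparison; a missing cookie or field is always rejected.
    if not cookie or not hmac.compare_digest(cookie.encode(), token.encode()):
        return 403, "CSRF verification failed"
    if "choice" not in form:
        return 400, "no choice selected"
    return 200, f"vote recorded for choice {form['choice']}"


def demo():
    """Constructed requests: the browser attaches the cookie to all of them."""
    secret = issue_csrf_cookie()
    cookies = {"csrftoken": secret}
    return {
        # Form served by our own site, so it carries the matching hidden field.
        "own_form": handle_vote("POST", cookies, f"csrfmiddlewaretoken={secret}&choice=3"),
        # Form hosted elsewhere: it cannot read the cookie, so the field is absent.
        "other_site": handle_vote("POST", cookies, "choice=3"),
        "get": handle_vote("GET", cookies, ""),
    }
```

The request from the other site fails even though the browser sent the visitor's cookie, because only a page served by the polls site itself can place the matching value in the form.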
 