The Django Forms library
We’ve looked at how to manually write forms in HTML and how to access the data on the request object using QueryDict
. We saw that the browser provides some validation for us for certain field types (such as email or numbers), but we have not tried validating the data in the Python view. We should validate the form in the Python view for two reasons:
- It is not safe to rely solely on browser-based validation of input data. A browser may not implement certain validation features, meaning the user could post any type of data. For example, older browsers don’t validate number fields, so a user can type in a number outside the range we are expecting. Further, a malicious user could try to send harmful data without using a browser at all. The browser validation should be considered a nicety for the user and that’s all.
- The browser does not allow us to do cross-field validation. For example, we can use the
required
attribute for inputs...