=============================== Forms, fields, and manipulators =============================== Forwards-compatibility note =========================== The legacy forms/manipulators system described in this document is going to be replaced in the next Django release. If you're starting from scratch, we strongly encourage you not to waste your time learning this. Instead, learn and use the django.newforms system, which we have begun to document in the `newforms documentation`_. If you have legacy form/manipulator code, read the "Migration plan" section in that document to understand how we're making the switch. .. _newforms documentation: ../newforms/ Introduction ============ Once you've got a chance to play with Django's admin interface, you'll probably wonder if the fantastic form validation framework it uses is available to user code. It is, and this document explains how the framework works. We'll take a top-down approach to examining Django's form validation framework, because much of the time you won't need to use the lower-level APIs. Throughout this document, we'll be working with the following model, a "place" object:: from django.db import models PLACE_TYPES = ( (1, 'Bar'), (2, 'Restaurant'), (3, 'Movie Theater'), (4, 'Secret Hideout'), ) class Place(models.Model): name = models.CharField(max_length=100) address = models.CharField(max_length=100, blank=True) city = models.CharField(max_length=50, blank=True) state = models.USStateField() zip_code = models.CharField(max_length=5, blank=True) place_type = models.IntegerField(choices=PLACE_TYPES) class Admin: pass def __unicode__(self): return self.name Defining the above class is enough to create an admin interface to a ``Place``, but what if you want to allow public users to submit places? Automatic Manipulators ====================== The highest-level interface for object creation and modification is the **automatic Manipulator** framework. An automatic manipulator is a utility class tied to a given model that "knows" how to create or modify instances of that model and how to validate data for the object. Automatic Manipulators come in two flavors: ``AddManipulators`` and ``ChangeManipulators``. Functionally they are quite similar, but the former knows how to create new instances of the model, while the latter modifies existing instances. Both types of classes are automatically created when you define a new class:: >>> from mysite.myapp.models import Place >>> Place.AddManipulator >>> Place.ChangeManipulator Using the ``AddManipulator`` ---------------------------- We'll start with the ``AddManipulator``. Here's a very simple view that takes POSTed data from the browser and creates a new ``Place`` object:: from django.shortcuts import render_to_response from django.http import Http404, HttpResponse, HttpResponseRedirect from django import forms from mysite.myapp.models import Place def naive_create_place(request): """A naive approach to creating places; don't actually use this!""" # Create the AddManipulator. manipulator = Place.AddManipulator() # Make a copy of the POSTed data so that do_html2python can # modify it in place (request.POST is immutable). new_data = request.POST.copy() # Convert the request data (which will all be strings) into the # appropriate Python types for those fields. manipulator.do_html2python(new_data) # Save the new object. new_place = manipulator.save(new_data) # It worked! return HttpResponse("Place created: %s" % new_place) The ``naive_create_place`` example works, but as you probably can tell, this view has a number of problems: * No validation of any sort is performed. If, for example, the ``name`` field isn't given in ``request.POST``, the save step will cause a database error because that field is required. Ugly. * Even if you *do* perform validation, there's still no way to give that information to the user in any sort of useful way. * You'll have to separately create a form (and view) that submits to this page, which is a pain and is redundant. Let's dodge these problems momentarily to take a look at how you could create a view with a form that submits to this flawed creation view:: def naive_create_place_form(request): """Simplistic place form view; don't actually use anything like this!""" # Create a FormWrapper object that the template can use. Ignore # the last two arguments to FormWrapper for now. form = forms.FormWrapper(Place.AddManipulator(), {}, {}) return render_to_response('places/naive_create_form.html', {'form': form}) (This view, as well as all the following ones, has the same imports as in the first example above.) The ``forms.FormWrapper`` object is a wrapper that templates can easily deal with to create forms. Here's the ``naive_create_form.html`` template:: {% extends "base.html" %} {% block content %}

Create a place:

{{ form.name }}

{{ form.address }}

{{ form.city }}

{{ form.state }}

{{ form.zip_code }}

{{ form.place_type }}

{% endblock %} Before we get back to the problems with these naive set of views, let's go over some salient points of the above template: * Field "widgets" are handled for you: ``{{ form.field }}`` automatically creates the "right" type of widget for the form, as you can see with the ``place_type`` field above. * There isn't a way just to spit out the form. You'll still need to define how the form gets laid out. This is a feature: Every form should be designed differently. Django doesn't force you into any type of mold. If you must use tables, use tables. If you're a semantic purist, you can probably find better HTML than in the above template. * To avoid name conflicts, the ``id`` values of form elements take the form "id_*fieldname*". By creating a creation form we've solved problem number 3 above, but we still don't have any validation. Let's revise the validation issue by writing a new creation view that takes validation into account:: def create_place_with_validation(request): manipulator = Place.AddManipulator() new_data = request.POST.copy() # Check for validation errors errors = manipulator.get_validation_errors(new_data) manipulator.do_html2python(new_data) if errors: return render_to_response('places/errors.html', {'errors': errors}) else: new_place = manipulator.save(new_data) return HttpResponse("Place created: %s" % new_place) In this new version, errors will be found -- ``manipulator.get_validation_errors`` handles all the validation for you -- and those errors can be nicely presented on an error page (templated, of course):: {% extends "base.html" %} {% block content %}

Please go back and correct the following error{{ errors|pluralize }}:

{% endblock %} Still, this has its own problems: * There's still the issue of creating a separate (redundant) view for the submission form. * Errors, though nicely presented, are on a separate page, so the user will have to use the "back" button to fix errors. That's ridiculous and unusable. The best way to deal with these issues is to collapse the two views -- the form and the submission -- into a single view. This view will be responsible for creating the form, validating POSTed data, and creating the new object (if the data is valid). An added bonus of this approach is that errors and the form will both be available on the same page, so errors with fields can be presented in context. .. admonition:: Philosophy: Finally, for the HTTP purists in the audience (and the authorship), this nicely matches the "true" meanings of HTTP GET and HTTP POST: GET fetches the form, and POST creates the new object. Below is the finished view:: def create_place(request): manipulator = Place.AddManipulator() if request.method == 'POST': # If data was POSTed, we're trying to create a new Place. new_data = request.POST.copy() # Check for errors. errors = manipulator.get_validation_errors(new_data) manipulator.do_html2python(new_data) if not errors: # No errors. This means we can save the data! new_place = manipulator.save(new_data) # Redirect to the object's "edit" page. Always use a redirect # after POST data, so that reloads don't accidently create # duplicate entires, and so users don't see the confusing # "Repost POST data?" alert box in their browsers. return HttpResponseRedirect("/places/edit/%i/" % new_place.id) else: # No POST, so we want a brand new form without any data or errors. errors = new_data = {} # Create the FormWrapper, template, context, response. form = forms.FormWrapper(manipulator, new_data, errors) return render_to_response('places/create_form.html', {'form': form}) and here's the ``create_form`` template:: {% extends "base.html" %} {% block content %}

Create a place:

{% if form.has_errors %}

Please correct the following error{{ form.error_dict|pluralize }}:

{% endif %}

{{ form.name }} {% if form.name.errors %}*** {{ form.name.errors|join:", " }}{% endif %}

{{ form.address }} {% if form.address.errors %}*** {{ form.address.errors|join:", " }}{% endif %}

{{ form.city }} {% if form.city.errors %}*** {{ form.city.errors|join:", " }}{% endif %}

{{ form.state }} {% if form.state.errors %}*** {{ form.state.errors|join:", " }}{% endif %}

{{ form.zip_code }} {% if form.zip_code.errors %}*** {{ form.zip_code.errors|join:", " }}{% endif %}

{{ form.place_type }} {% if form.place_type.errors %}*** {{ form.place_type.errors|join:", " }}{% endif %}

{% endblock %} The second two arguments to ``FormWrapper`` (``new_data`` and ``errors``) deserve some mention. The first is any "default" data to be used as values for the fields. Pulling the data from ``request.POST``, as is done above, makes sure that if there are errors, the values the user put in aren't lost. If you try the above example, you'll see this in action. The second argument is the error list retrieved from ``manipulator.get_validation_errors``. When passed into the ``FormWrapper``, this gives each field an ``errors`` item (which is a list of error messages associated with the field) as well as a ``html_error_list`` item, which is a ``