django-form and fields validation

参考资料

清除数据与表单验证

清除数据时会进行表单验证。 在表格处理时有三种clean方法可调用，通常是在对表单调用is_valid()时执行。

clean响应：一般有两种结果，如果处理的数据有问题，则抛出ValidationError错误信息；若是正常，则会返回一个类型为python对象的规范化data。

• 在field子类的clean方法，此方法返回干净的数据，然后插入到表单的cleaned_data字典中。
• clean_() 方法在表单子类上调用。其中fieldname由表单字段名替代，此方法不返回任何参数。若查找self.cleaned_data字段中的值，记住这是一个python对象类型。
• 表单验证流程：
  1. 对于form中的字段，按照顺序运行Field.clean方法
  2. 运行clean_()
  3. 最后，无论之前两步是否抛出了错误，都将执行Form.clean()方法。

在实践中运用验证

using validators

我们可以自定义form field，验证输入字符串是否符合预设值规范，比如说是电子邮件地址类型。

from django import forms
from django.core.validators import validate_email

class MultiEmailField(forms.Field):
    def to_python(self, value):
        """Normalize data to a list of strings."""
        # Return an empty list if no input was given.
        if not value:
            return []
        return value.split(',')

    def validate(self, value):
        """Check if value consists only of valid emails."""
        # Use the parent's handling of required fields, etc.
        super(MultiEmailField, self).validate(value)
        for email in value:
            validate_email(email)

然后我们可以创建一个简单的函数来使用自定义field

class ContactForm(forms.Form):
    subject = forms.CharField(max_length=100)
    message = forms.CharField()
    sender = forms.EmailField()
    recipients = MultiEmailField()
    cc_myself = forms.BooleanField(required=False)

当在form中调用is_valid()方法时，自动使用了我们自定义的MultiEmailField()方法，它将作为clean过程中的一部分执行。

cleaning and validating fields that depend on each other

当我们同时验证多个字段时，表单的form.clean()方法是个很好的选择。

It's important to keep the field and form difference clear when working out where to validate things. Fields are single data points, forms are a collection of fields.

By the time the form's clean() method is called, all the individual field clean methods will have been run (the previous two sections), so self.cleaned_data will be populated with any data that has survived so far. So you also need to remember to allow for the fact that the fields you are wanting to validate might not have survived the initial individual field checks.

有两种方法可以抛出该过程中出现的error.

第一种

在此过程中抛出的错误，我们可以用clean()方法中提供的ValidationError，令其在窗口顶部显示错误。如：

from django import forms

class ContactForm(forms.Form):
    # Everything as before.
    ...

    def clean(self):
        cleaned_data = super(ContactForm, self).clean()
        cc_myself = cleaned_data.get("cc_myself")
        subject = cleaned_data.get("subject")

        if cc_myself and subject:
            # Only do something if both fields are valid so far.
            if "help" not in subject:
                raise forms.ValidationError(
                    "Did not send for 'help' in the subject despite "
                    "CC'ing yourself."
                )

在示例代码中对 super(ContactForm, self).clean() 的调用，确保可以实现父类中的所有验证逻辑。

第二种

可以将error信息分配给一个指定field。

Form.add_error(field, error)

这种方法允许从 Form.clean() 方法内的特定字段添加错误，或者从外部添加错误；例如在视图中。

但在开发环境中，我们要小心这种方式可能产生的输出格式混乱，修改了上面代码如下：

from django import forms

class ContactForm(forms.Form):
    # Everything as before.
    ...

    def clean(self):
        cleaned_data = super(ContactForm, self).clean()
        cc_myself = cleaned_data.get("cc_myself")
        subject = cleaned_data.get("subject")

        if cc_myself and subject and "help" not in subject:
            msg = "Must put 'help' in subject when cc'ing yourself."
            self.add_error('cc_myself', msg)
            self.add_error('subject', msg)

请注意，Form.add_error() 会自动从 cleaned_data 中删除相关字段

Form.errors

访问 errors 属性以获取错误消息的字典。注意这里的错误消息是dict形式传出，但某个字段可以有多个error，故错误信息存储在列表list中。

Form.errors.as_json(escape_html=False)

返回序列化为JSON的错误信息。

>>> f.errors.as_json()
{"sender": [{"message": "Enter a valid email address.", "code": "invalid"}],
"subject": [{"message": "This field is required.", "code": "required"}]}

By default, as_json() does not escape its output. If you are using it for something like AJAX requests to a form view where the client interprets the response and inserts errors into the page, you'll want to be sure to escape the results on the client-side to avoid the possibility of a cross-site scripting attack. It's trivial to do so using a JavaScript library like jQuery - simply use $(el).text(errorText) rather than .html().

默认情况下，as_json()不会转义输出。如果你处理从表单来的AJAX请求，客户端解释这个响应并在页面中插入错误信息。你需要确保在不遭受XSS攻击的情况下转义结果。如果使用JavaScript库（如jQuery）这样实现很简单 - 只需使用 $(el).text(errorText)，而不是 .html()。

Accessing the fields from the form

Form.fields

如何从字段访问表单呢？

You can access the fields of Form instance from its fields attribute

>>> for row in f.fields.values(): print(row)
...
<django.forms.fields.CharField object at 0x7ffaac632510>
<django.forms.fields.URLField object at 0x7ffaac632f90>
<django.forms.fields.CharField object at 0x7ffaac3aa050>
>>> f.fields['name']
<django.forms.fields.CharField object at 0x7ffaac6324d0>

我们也可修改 Form 实例的字段参数，以更改其在表单中显示的方式

>>> f.as_table().split('\n')[0]
'<tr><th>Name:</th><td><input name="name" type="text" value="instance" required /></td></tr>'
>>> f.fields['name'].label = "Username"
>>> f.as_table().split('\n')[0]
'<tr><th>Username:</th><td><input name="name" type="text" value="instance" required /></td></tr>'

Accessing "clean" data(The resources：https://docs.djangoproject.com/en/2.0/ref/forms/api/#accessing-clean-data)

Form 类中的每个字段不仅负责验证数据，还负责“清理"它 "- 将其标准化为一致的格式。这是一个很好的功能，因为它允许以各种方式输入特定字段的数据，转换为一致类型的输出。

For example, ~django.forms.DateField normalizes input into a Python datetime.date object. Regardless of whether you pass it a string in the format '1994-07-15', a datetime.date object, or a number of other formats, DateField will always normalize it to a datetime.date object as long as it's valid.

一旦您创建了一个具有一组数据并验证它的 Form 实例，您可以通过其 cleaned_data 属性访问干净的数据:

>>> data = {'subject': 'hello',
...         'message': 'Hi there',
...         'sender': 'foo@example.com',
...         'cc_myself': True}
>>> f = ContactForm(data)
>>> f.is_valid()
True
>>> f.cleaned_data
{'cc_myself': True, 'message': 'Hi there', 'sender': 'foo@example.com', 'subject': 'hello'}

在这里，任何文本输入的字段，如EmailField,CharField都会将输入数据clean为标准字符串类型。