I just started to use django. I came across forms and I need to know which one is the better way to validate a forms. Would it be using django forms or should we use javascript or some client side scripting language to do it?
+8
A:
You should ALWAYS validate your form on the server side, client side validation is but a convenience for the user only.
That being said, Django forms has a variable form.errors which shows if certain form fields were incorrect.
{{ form.name_of_field.errors }} can give you each individual error of each field that's incorrectly filled out. See more here:
AlbertoPL
2009-07-15 12:58:10
One thing that the docs *don't* mention is the existence of {{ form.non_field_errors }} for when you want to get at *just* the errors that apply to the form as a whole.
Steve Losh
2009-07-15 13:11:25
Yes, I find the docs do miss out on a lot of stuff, or they simply do not go into detail. I hope that as the framework evolves the docs do as well.
AlbertoPL
2009-07-15 13:12:25
To reiterate what Alberto said: Client-side validation is not validation. Anyone can craft a POST or GET request. The only actual benefit you get from client-side validation is the "Web 2.0 AJAXy feel" for the user, but it's not validation -- that takes place server-side.
ShawnMilo
2009-07-15 18:31:04
+2
A:
There's a pluggable Django app (django-ajax-forms) that helps validate forms on the client side through JavaScript. But as AlbertoPL says, use client side validation only as a usability measure (e.g. telling a user that his desired username is already taken without reloading the registration page). There are all kind of ways to sidestep client side validation, in most cases as simple as deactivating JavaScript.
Generally speaking: presume all data coming from the outside as faulty until validated.
piquadrat
2009-07-15 13:59:04