tags:

views:

253

answers:

1
+1  Q: 

why are read only form fields in django a bad idea?

I've been looking for a way to create a read-only form field and every article I've found on the subject comes with a statement that "this is a bad idea". Now for an individual form, I can understand that there are other ways to solve the problem, but using a read only form field in a modelformset seems like a completely natural idea.

Consider a teacher grade book application where the teacher would like to be able to enter all the students' (note the plural students) grades with a single SUBMIT. A modelformset could iterate over all the student-grades in such a way that the student name is read-only and the grade is the editable field. I like the power and convenience of the error checking and error reporting you get with a modelformset but leaving the student name editable in such a formset is crazy.

Since the expert django consensus is that read-only form fields are a bad idea, I was wondering what the standard django best practice is for the example student-grade example above?

+1  A: 

The reason you don't want to do this is because someone can change your disabled field to enabled and then submit the form. You would have to change the save function as to not insert the "disabled" data.

The standard way to do this is to not put the name in an input, but to display it as text

<form>
    <div>
        <label>Name</label>
        <p>Johnny Five</p>
    </div>
    <div>
        ....

This is not possible in django.

I say if you really trust your userbase to not "mess" with things then go for it, but if its a public facing website with possible sensitive data then stay away.

Galen  2010-05-25 04:54:02
Thanks Galen that explains most of the concern, but I'm still curious how (or if) folks would use Django to implement the grade book page I suggested above. Abandon the built-in tools?
jamida  2010-05-25 15:02:40
check out this answerhttp://stackoverflow.com/questions/324477/in-a-django-form-how-to-make-a-field-readonly-or-disabled-so-that-it-cannot-be/325038#325038
Galen  2010-05-25 16:20:30
A fair number of people reading the request for "read-only" interpret it literally as in adding a "readonly" or "disabled" attribute to the widget. That has ALL the problems you spoke of above (and will work in a pinch) but ideally there'd be other solutions like your <p> (or <span>) tag above. I'm going to try this next: http://lazypython.blogspot.com/2008/12/building-read-only-field-in-django.html
jamida  2010-05-25 19:34:54
right the disabled input is dangerous like i said, i thought you were asking for the solution anyway.
Galen  2010-05-25 21:32:56

related questions

Django: Print url of view without hardcoding the url
Django Calendar Widget?
Can the HTTP version or headers affect the visual appearance of a web page?
Project design / FS layout for large django projects
Extending the User model with custom fields in Django
How to generate urls in django
Always including the user in the django template context
Screencasts for Django/Python?
Using Django time/date widgets in custom form
How do I add data to an existing model in Django?
Setup django with WSGI and apache
Altering database tables in Django
Django Templates and variable attributes.
Django ImageField core=False in newforms admin
How can I render a tree structure (recursive) using a django template?
Cleanest & Fastest server setup for Django
Unicode vs UTF-8 confusion in Python / Django?
Does Hostmonster support Django
Specifying a mySQL ENUM in a Django model
Represent Ordering in a Relational Database
updating an auto_now DateTimeField in a parent model w/ Django
Version track, automate DB schema changes with django
Learning Ruby on Rails any good for Grails?
What Hosting Service is best for Django applications?
Class views in Django