flask/docs/patterns/wtforms.rst

Form Validation with WTForms
============================

When you have to work with form data submitted by a browser view code
quickly becomes very hard to read.  There are libraries out there designed
to make this process easier to manage.  One of them is `WTForms`_ which we
will handle here.  If you find yourself in the situation of having many
forms, you might want to give it a try.

When you are working with WTForms you have to define your forms as classes
first.  I recommend breaking up the application into multiple modules
(:ref:`larger-applications`) for that and adding a separate module for the
forms.

.. admonition:: Getting most of WTForms with an Extension

   The `Flask-WTF`_ extension expands on this pattern and adds a few
   handful little helpers that make working with forms and Flask more
   fun.  You can get it from `PyPI
   <https://pypi.python.org/pypi/Flask-WTF>`_.

.. _Flask-WTF: http://pythonhosted.org/Flask-WTF/

The Forms
---------

This is an example form for a typical registration page::

    from wtforms import Form, BooleanField, TextField, PasswordField, validators

    class RegistrationForm(Form):
        username = TextField('Username', [validators.Length(min=4, max=25)])
        email = TextField('Email Address', [validators.Length(min=6, max=35)])
        password = PasswordField('New Password', [
            validators.Required(),
            validators.EqualTo('confirm', message='Passwords must match')
        ])
        confirm = PasswordField('Repeat Password')
        accept_tos = BooleanField('I accept the TOS', [validators.Required()])

In the View
-----------

In the view function, the usage of this form looks like this::

    @app.route('/register', methods=['GET', 'POST'])
    def register():
        form = RegistrationForm(request.form)
        if request.method == 'POST' and form.validate():
            user = User(form.username.data, form.email.data,
                        form.password.data)
            db_session.add(user)
            flash('Thanks for registering')
            return redirect(url_for('login'))
        return render_template('register.html', form=form)

Notice that we are implying that the view is using SQLAlchemy here
(:ref:`sqlalchemy-pattern`) but this is no requirement of course.  Adapt
the code as necessary.

Things to remember:

1. create the form from the request :attr:`~flask.request.form` value if
   the data is submitted via the HTTP ``POST`` method and
   :attr:`~flask.request.args` if the data is submitted as ``GET``.
2. to validate the data, call the :func:`~wtforms.form.Form.validate`
   method which will return ``True`` if the data validates, ``False``
   otherwise.
3. to access individual values from the form, access `form.<NAME>.data`.

Forms in Templates
------------------

Now to the template side.  When you pass the form to the templates you can
easily render them there.  Look at the following example template to see
how easy this is.  WTForms does half the form generation for us already.
To make it even nicer, we can write a macro that renders a field with
label and a list of errors if there are any.

Here's an example :file:`_formhelpers.html` template with such a macro:

.. sourcecode:: html+jinja

    {% macro render_field(field) %}
      <dt>{{ field.label }}
      <dd>{{ field(**kwargs)|safe }}
      {% if field.errors %}
        <ul class=errors>
        {% for error in field.errors %}
          <li>{{ error }}</li>
        {% endfor %}
        </ul>
      {% endif %}
      </dd>
    {% endmacro %}

This macro accepts a couple of keyword arguments that are forwarded to
WTForm's field function that renders the field for us.  The keyword
arguments will be inserted as HTML attributes.  So for example you can
call ``render_field(form.username, class='username')`` to add a class to
the input element.  Note that WTForms returns standard Python unicode
strings, so we have to tell Jinja2 that this data is already HTML escaped
with the ``|safe`` filter.

Here the :file:`register.html` template for the function we used above which
takes advantage of the :file:`_formhelpers.html` template:

.. sourcecode:: html+jinja

    {% from "_formhelpers.html" import render_field %}
    <form method=post action="/register">
      <dl>
        {{ render_field(form.username) }}
        {{ render_field(form.email) }}
        {{ render_field(form.password) }}
        {{ render_field(form.confirm) }}
        {{ render_field(form.accept_tos) }}
      </dl>
      <p><input type=submit value=Register>
    </form>

For more information about WTForms, head over to the `WTForms
website`_.

.. _WTForms: http://wtforms.readthedocs.org/
.. _WTForms website: http://wtforms.readthedocs.org/
Added WTForms documentation. 2010-04-19 08:22:59 +08:00			`Form Validation with WTForms`
			`============================`

			`When you have to work with form data submitted by a browser view code`
			`quickly becomes very hard to read. There are libraries out there designed`
Forgot to link the website. 2010-04-19 08:28:05 +08:00			to make this process easier to manage. One of them is `WTForms`_ which we
Added WTForms documentation. 2010-04-19 08:22:59 +08:00			`will handle here. If you find yourself in the situation of having many`
			`forms, you might want to give it a try.`

			`When you are working with WTForms you have to define your forms as classes`
Switch packages.python.org to pythonhosted.org 2014-04-26 07:35:37 +08:00			`first. I recommend breaking up the application into multiple modules`
Added WTForms documentation. 2010-04-19 08:22:59 +08:00			(:ref:`larger-applications`) for that and adding a separate module for the
			`forms.`

Added links to Flask-WTF and Flask-SQLAlchemy. This fixes #73 2010-07-01 07:22:46 +08:00			`.. admonition:: Getting most of WTForms with an Extension`

			The `Flask-WTF`_ extension expands on this pattern and adds a few
			`handful little helpers that make working with forms and Flask more`
			fun. You can get it from `PyPI
Switch pypi links to https To which the http version redirects permanently 2014-04-26 07:30:28 +08:00			<https://pypi.python.org/pypi/Flask-WTF>`_.
Added links to Flask-WTF and Flask-SQLAlchemy. This fixes #73 2010-07-01 07:22:46 +08:00
Switch packages.python.org to pythonhosted.org 2014-04-26 07:35:37 +08:00			`.. _Flask-WTF: http://pythonhosted.org/Flask-WTF/`
Added links to Flask-WTF and Flask-SQLAlchemy. This fixes #73 2010-07-01 07:22:46 +08:00
Added WTForms documentation. 2010-04-19 08:22:59 +08:00			`The Forms`
			`---------`

			`This is an example form for a typical registration page::`

Added PasswordField in docs/patterns/wtforms.rst 2011-10-07 02:15:35 +08:00			`from wtforms import Form, BooleanField, TextField, PasswordField, validators`
Added WTForms documentation. 2010-04-19 08:22:59 +08:00
			`class RegistrationForm(Form):`
			`username = TextField('Username', [validators.Length(min=4, max=25)])`
			`email = TextField('Email Address', [validators.Length(min=6, max=35)])`
Corrected validator usage in the wtforms docs. 2010-04-23 18:17:12 +08:00			`password = PasswordField('New Password', [`
			`validators.Required(),`
			`validators.EqualTo('confirm', message='Passwords must match')`
			`])`
			`confirm = PasswordField('Repeat Password')`
Added WTForms documentation. 2010-04-19 08:22:59 +08:00			`accept_tos = BooleanField('I accept the TOS', [validators.Required()])`

			`In the View`
			`-----------`

			`In the view function, the usage of this form looks like this::`

			`@app.route('/register', methods=['GET', 'POST'])`
			`def register():`
			`form = RegistrationForm(request.form)`
			`if request.method == 'POST' and form.validate():`
			`user = User(form.username.data, form.email.data,`
			`form.password.data)`
			`db_session.add(user)`
			`flash('Thanks for registering')`
Fixed simple typo 2010-04-26 09:51:02 +08:00			`return redirect(url_for('login'))`
Added WTForms documentation. 2010-04-19 08:22:59 +08:00			`return render_template('register.html', form=form)`

			`Notice that we are implying that the view is using SQLAlchemy here`
			(:ref:`sqlalchemy-pattern`) but this is no requirement of course. Adapt
			`the code as necessary.`

			`Things to remember:`

			1. create the form from the request :attr:`~flask.request.form` value if
docs: http method names like ``GET`` and ``POST`` 2014-11-05 11:13:01 +08:00			the data is submitted via the HTTP ``POST`` method and
			:attr:`~flask.request.args` if the data is submitted as ``GET``.
Added WTForms documentation. 2010-04-19 08:22:59 +08:00			2. to validate the data, call the :func:`~wtforms.form.Form.validate`
docs: ``True``, ``False`` and ``None`` 2014-11-05 11:04:58 +08:00			method which will return ``True`` if the data validates, ``False``
Added WTForms documentation. 2010-04-19 08:22:59 +08:00			`otherwise.`
			3. to access individual values from the form, access `form.<NAME>.data`.

			`Forms in Templates`
			`------------------`

			`Now to the template side. When you pass the form to the templates you can`
			`easily render them there. Look at the following example template to see`
			`how easy this is. WTForms does half the form generation for us already.`
			`To make it even nicer, we can write a macro that renders a field with`
			`label and a list of errors if there are any.`

docs: :file:`app.py`, :file:`yourapp/templates` 2014-11-05 11:45:22 +08:00			Here's an example :file:`_formhelpers.html` template with such a macro:
Added WTForms documentation. 2010-04-19 08:22:59 +08:00
			`.. sourcecode:: html+jinja`

			`{% macro render_field(field) %}`
			`<dt>{{ field.label }}`
			`<dd>{{ field(**kwargs)\|safe }}`
Fixed indentation of an example. 2010-04-19 08:25:31 +08:00			`{% if field.errors %}`
Update docs/patterns/wtforms.rst 2012-02-22 04:04:36 +08:00			`<ul class=errors>`
			`{% for error in field.errors %}`
			`<li>{{ error }}</li>`
			`{% endfor %}`
Fixed indentation of an example. 2010-04-19 08:25:31 +08:00			`</ul>`
			`{% endif %}`
			`</dd>`
Added WTForms documentation. 2010-04-19 08:22:59 +08:00			`{% endmacro %}`

			`This macro accepts a couple of keyword arguments that are forwarded to`
Fix some typos in the docs 2010-08-03 00:07:10 +08:00			`WTForm's field function that renders the field for us. The keyword`
Added WTForms documentation. 2010-04-19 08:22:59 +08:00			`arguments will be inserted as HTML attributes. So for example you can`
			call ``render_field(form.username, class='username')`` to add a class to
			`the input element. Note that WTForms returns standard Python unicode`
			`strings, so we have to tell Jinja2 that this data is already HTML escaped`
docs: ``<body>``, ``\|safe`` 2014-11-05 12:27:25 +08:00			with the ``\|safe`` filter.
Added WTForms documentation. 2010-04-19 08:22:59 +08:00
docs: :file:`app.py`, :file:`yourapp/templates` 2014-11-05 11:45:22 +08:00			Here the :file:`register.html` template for the function we used above which
			takes advantage of the :file:`_formhelpers.html` template:
Added WTForms documentation. 2010-04-19 08:22:59 +08:00
			`.. sourcecode:: html+jinja`

			`{% from "_formhelpers.html" import render_field %}`
Update docs/patterns/wtforms.rst 2012-02-22 04:04:36 +08:00			`<form method=post action="/register">`
Added WTForms documentation. 2010-04-19 08:22:59 +08:00			`<dl>`
			`{{ render_field(form.username) }}`
			`{{ render_field(form.email) }}`
			`{{ render_field(form.password) }}`
			`{{ render_field(form.confirm) }}`
			`{{ render_field(form.accept_tos) }}`
			`</dl>`
			`<p><input type=submit value=Register>`
			`</form>`
Added links for SQLAlchemy and WTForms. 2010-04-19 08:24:02 +08:00
			For more information about WTForms, head over to the `WTForms
			website`_.

Update doclinks Fix redirects and broken links 2014-07-24 23:03:56 +08:00			`.. _WTForms: http://wtforms.readthedocs.org/`
			`.. _WTForms website: http://wtforms.readthedocs.org/`