Kenhuang Academy
  • English

      • Forms & WTForms

      Flask recommends using Flask-WTF with WTForms for form handling and CSRF protection.

      Installation:

      pip install flask-wtf wtforms email-validator

      Configuration:

      app.config.update(SECRET_KEY="dev", WTF_CSRF_ENABLED=True)

      Define Forms:

      # forms.py
from wtforms import StringField, PasswordField, BooleanField, SubmitField
from wtforms.validators import DataRequired, Email, Length, EqualTo
from flask_wtf import FlaskForm

class RegisterForm(FlaskForm):
    email = StringField("Email", validators=[DataRequired(), Email()])
    password = PasswordField("Password", validators=[DataRequired(), Length(min=6)])
    confirm = PasswordField("Confirm", validators=[EqualTo("password")])
    remember = BooleanField("Remember me")
    submit = SubmitField("Register")

      Views and Templates:

      # views.py
from flask import render_template, redirect, url_for, flash
from .forms import RegisterForm

@app.route("/register", methods=["GET", "POST"])
def register():
    form = RegisterForm()
    if form.validate_on_submit():
        # Handle registration logic
        flash("Registration successful", "success")
        return redirect(url_for("index"))
    return render_template("register.html", form=form)
      <!-- templates/register.html -->
<form method="post" novalidate>
  {{ form.csrf_token }}
  {{ form.email.label }} {{ form.email(size=32) }}
  {{ form.password.label }} {{ form.password() }}
  {{ form.confirm.label }} {{ form.confirm() }}
  {{ form.remember() }} {{ form.remember.label }}
  {{ form.submit() }}
  {% for field, errors in form.errors.items() %}
    {% for err in errors %}<p class="error">{{ field }}: {{ err }}</p>{% endfor %}
  {% endfor %}
</form>

      File Upload Forms:

      from flask_wtf.file import FileField, FileAllowed, FileRequired

class UploadForm(FlaskForm):
    file = FileField("File", validators=[FileRequired(), FileAllowed(["jpg","png"])])

      Tips:

      • During development, you can set WTF_CSRF_ENABLED=False to temporarily disable CSRF, but must enable it in production
      • Use email-validator to improve email validation accuracy
      • Properly use flash and templates to display error messages