
Forms & WTForms

Flask recommends using Flask-WTF with WTForms for form handling and CSRF protection.

Installation:

bash
pip install flask-wtf wtforms email-validator

Configuration:

python
# SECRET_KEY signs the session cookie and the CSRF token; "dev" is a development placeholder only
app.config.update(SECRET_KEY="dev", WTF_CSRF_ENABLED=True)

Define Forms:

python
# forms.py
from wtforms import StringField, PasswordField, BooleanField, SubmitField
from wtforms.validators import DataRequired, Email, Length, EqualTo
from flask_wtf import FlaskForm

class RegisterForm(FlaskForm):
    email = StringField("Email", validators=[DataRequired(), Email()])
    password = PasswordField("Password", validators=[DataRequired(), Length(min=6)])
    confirm = PasswordField("Confirm", validators=[EqualTo("password")])
    remember = BooleanField("Remember me")
    submit = SubmitField("Register")

Views and Templates:

python
# views.py
from flask import render_template, redirect, url_for, flash
from . import app  # assumes the Flask app object is created in the package's __init__.py
from .forms import RegisterForm

@app.route("/register", methods=["GET", "POST"])
def register():
    form = RegisterForm()
    if form.validate_on_submit():
        # Handle registration logic
        flash("Registration successful", "success")
        return redirect(url_for("index"))
    return render_template("register.html", form=form)

html
<!-- templates/register.html -->
<form method="post" novalidate>
  {{ form.csrf_token }}
  {{ form.email.label }} {{ form.email(size=32) }}
  {{ form.password.label }} {{ form.password() }}
  {{ form.confirm.label }} {{ form.confirm() }}
  {{ form.remember() }} {{ form.remember.label }}
  {{ form.submit() }}
  {% for field, errors in form.errors.items() %}
    {% for err in errors %}<p class="error">{{ field }}: {{ err }}</p>{% endfor %}
  {% endfor %}
</form>

File Upload Forms:

python
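from flask_wtf import FlaskForm
from flask_wtf.file import FileField, FileAllowed, FileRequired

class UploadForm(FlaskForm):
    # FileAllowed checks the uploaded filename's extension only, not the file contents
    file = FileField("File", validators=[FileRequired(), FileAllowed(["jpg", "png"])])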

Tips:

  • During development, you can set WTF_CSRF_ENABLED=False to temporarily disable CSRF protection, but it must be enabled in production
  • Use email-validator to improve email validation accuracy
  • Use flash and templates properly to display error messages
