Forms & WTForms
With Flask, the recommended approach is to use WTForms through Flask-WTF for form handling and CSRF protection.

Installation:

```bash
pip install flask-wtf wtforms email-validator
```

Configuration:
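
```python
# Flask-WTF signs CSRF tokens with SECRET_KEY; "dev" is a development-only placeholder
app.config.update(SECRET_KEY="dev", WTF_CSRF_ENABLED=True)
```

Define the form: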

```python
# forms.py
from wtforms import StringField, PasswordField, BooleanField, SubmitField
from wtforms.validators import DataRequired, Email, Length, EqualTo
from flask_wtf import FlaskForm


class RegisterForm(FlaskForm):
    email = StringField("Email", validators=[DataRequired(), Email()])
    password = PasswordField("Password", validators=[DataRequired(), Length(min=6)])
    confirm = PasswordField("Confirm", validators=[EqualTo("password")])
    remember = BooleanField("Remember me")
    submit = SubmitField("Register")
```

View and template:

```python
# views.py
from flask import render_template, redirect, url_for, flash
from .forms import RegisterForm

# app is the Flask application object created elsewhere in this package


@app.route("/register", methods=["GET", "POST"])
def register():
    form = RegisterForm()
    # validate_on_submit() is true only for a POST that passes every validator and the CSRF check
    if form.validate_on_submit():
        # Handle the registration logic
        flash("注册成功", "success")
        return redirect(url_for("index"))
    return render_template("register.html", form=form)
```

```html
<!-- templates/register.html -->
<form method="post" novalidate>
  {{ form.csrf_token }}
  {{ form.email.label }} {{ form.email(size=32) }}
  {{ form.password.label }} {{ form.password() }}
  {{ form.confirm.label }} {{ form.confirm() }}
  {{ form.remember() }} {{ form.remember.label }}
  {{ form.submit() }}
  {% for field, errors in form.errors.items() %}
    {% for err in errors %}<p class="error">{{ field }}: {{ err }}</p>{% endfor %}
  {% endfor %}
</form>
```

File upload form:
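
```python
from flask_wtf import FlaskForm
from flask_wtf.file import FileField, FileAllowed, FileRequired


class UploadForm(FlaskForm):
    # FileAllowed checks the filename extension only, not the file content
    file = FileField("File", validators=[FileRequired(), FileAllowed(["jpg", "png"])])
```

Tips: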
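
- During development you can set `WTF_CSRF_ENABLED=False` to temporarily disable CSRF, but it must be enabled in production
- Use `email-validator` to improve the accuracy of Email validation
- Use `flash` and templates sensibly to display error messages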
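
An added example (not from the original page) for the upload form above: a content check to run alongside `FileAllowed`, comparing the file's leading bytes with its extension. The helper names `sniff_kind` and `upload_is_consistent` are hypothetical, and the sample uploads are constructed; in a view the inputs would be `form.file.data.filename` and `form.file.data.stream`.

```python
import io
import os

# Leading bytes (magic numbers) that identify each accepted format.
SIGNATURES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
}
# Extensions accepted by the form, mapped to the format they must contain.
EXT_TO_KIND = {"png": "png", "jpg": "jpg"}


def sniff_kind(stream):
    """Return "png", "jpg" or None from the first bytes; the stream position is restored."""
    pos = stream.tell()
    head = stream.read(8)
    stream.seek(pos)  # leave the stream ready for the later save()
    for kind, magic in SIGNATURES.items():
        if head.startswith(magic):
            return kind
    return None


def upload_is_consistent(filename, stream):
    """True only when the extension is on the allow-list and the content matches it."""
    ext = os.path.splitext(filename)[1].lower().lstrip(".")
    expected = EXT_TO_KIND.get(ext)
    return expected is not None and sniff_kind(stream) == expected


# Constructed sample uploads (file headers only, not complete images).
PNG_HEAD = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
JPG_HEAD = b"\xff\xd8\xff\xe0" + b"\x00" * 16
HTML_BODY = b"<html><script>1</script></html>"

if __name__ == "__main__":
    samples = [
        ("photo.png", PNG_HEAD),
        ("photo.jpg", JPG_HEAD),
        ("photo.jpg", PNG_HEAD),    # extension and content disagree
        ("avatar.png", HTML_BODY),  # allowed extension, non-image content
        ("notes.txt", PNG_HEAD),    # extension not on the allow-list
    ]
    for name, data in samples:
        print(name, upload_is_consistent(name, io.BytesIO(data)))
```

A signature match shows only that the file starts like an image; it does not prove the rest of the file is a well-formed one.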