Here is an example with a form that has three fields, i.e.:

    from django import forms
    from models import Article

    class ArticleForm(forms.ModelForm):
        class Meta:
            model = Article
            fields = ('title', 'body', 'thumbnail')

view

    from django.shortcuts import render_to_response
    from uploadfiles.models import Article
    from django.http import HttpResponse, HttpResponseRedirect
    from forms import ArticleForm
    from django.core.context_processors import csrf

    def create(request):
        if request.POST:
            form = ArticleForm(request.POST, request.FILES)
            if form.is_valid():
                return HttpResponseRedirect('/all')
        else:
            form = ArticleForm()

        args = {}
        args.update(csrf(request))
        args['form'] = form
        return render_to_response('create_article.html', args)

models

    from django.db import models
    from time import time

    # Django calls an upload_to callable with (instance, filename).
    def get_upload_file_name(instance, filename):
        # Prefix the uploaded file's name with a timestamp.
        return "uploaded_files/%s_%s" % (str(time()).replace('.', '-'), filename)

    class Article(models.Model):
        title = models.CharField(max_length=200)
        body = models.TextField()
        thumbnail = models.FileField(upload_to=get_upload_file_name)

        def __unicode__(self):
            return self.title

html page

    <!DOCTYPE html>
    <html>
    <head>
        <title>Page Title</title>
    </head>
    <body>
        <form action="/create" method="post" enctype="multipart/form-data">{% csrf_token %}
            {{form.as_ul}}
            <input type="submit" name="submit" value="create"/>
        </form>
    </body>
    </html>

MY QUESTIONS ARE:

1) What is the Meta class, and why do we use it?

2) What does this line mean: args.update(csrf(request))?

3) The form's page redirects to /create, and this can be any page! So how do I save the posted data now, as this returns the submitted data to the HTML page?

My question may be basic or simple, but these are the things that are not clear to me, and for that reason I am posting it here! It may be a duplicate, so if you don't like it, please don't mark it negatively. :)

2 Answers

1

1) Metaclass is a 'thing' that creates classes.

You define classes in order to create objects, right?

But we learned that Python classes are objects.

Well, metaclasses are what create these objects. They are the classes' classes, you can picture them this way:

    MyClass = MetaClass()
    MyObject = MyClass()

You've seen that type lets you do something like this:

    MyClass = type('MyClass', (), {})

It's because the function type is in fact a metaclass. type is the metaclass Python uses to create all classes behind the scenes.

Now you wonder why the heck is it written in lowercase, and not Type?

Well, I guess it's a matter of consistency with str, the class that creates string objects, and int, the class that creates integer objects. type is just the class that creates class objects.

For more help, see this: MetaClasses


2) Cross-site request forgery (CSRF)

A Cross-site request forgery hole is when a malicious site can cause a visitor's browser to make a request to your server that causes a change on the server. The server thinks that because the request comes with the user's cookies, the user wanted to submit that form.

Depending on which forms on your site are vulnerable, an attacker might be able to do the following to your victims:

  • Log the victim out of your site. (On some sites, "Log out" is a link rather than a button!)
  • Post a comment on your site using the victim's login.
  • Transfer funds to another user's account.

To PREVENT this, we use update(csrf(request)).

For more information, see ABOUT CSRF and CSRF django.


3) /create is an action of your present controller. If you look at your controller page, you can see this create function; in that function you'll get your POST data.


1

1) Meta = class metadata. This is where you define the different metadata elements of the model

2) CSRF = this is the token that prevents cross-site attacks. It is a hidden field/attribute that is added to your request to make sure someone cannot hack your site

3) The submitted data goes to the view, and there you can save your data. Or I misunderstood your question....

Comments
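The token check that question 2 asks about, as an added example that is not part of the original posts or of Django's own code: a simplified, standard-library model of the cookie-plus-hidden-field comparison that `{% csrf_token %}` relies on. The function names, the in-memory cookie jar and the `saved` list are assumptions for illustration; Django's middleware does more than this.

```python
import hmac
import secrets

# Simplified model (an assumption for illustration, not Django's code) of the
# check behind {% csrf_token %}: a secret lives in the visitor's cookie, the
# same value is rendered into the form as a hidden field, and a POST is only
# accepted when the two match.

def issue_token(cookies):
    """Return the CSRF secret for this browser, creating the cookie if needed."""
    if "csrftoken" not in cookies:
        cookies["csrftoken"] = secrets.token_urlsafe(32)
    return cookies["csrftoken"]

def render_form(cookies):
    """What the template step does: embed the token as a hidden input."""
    token = issue_token(cookies)
    return ('<form action="/create" method="post">'
            '<input type="hidden" name="csrfmiddlewaretoken" value="%s">'
            '</form>' % token)

def handle_post(cookies, post_data, saved):
    """Return an HTTP status; store the article only if the token checks out."""
    expected = cookies.get("csrftoken", "")
    supplied = post_data.get("csrfmiddlewaretoken", "")
    # Constant-time comparison; an empty cookie or field is always rejected.
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 403
    saved.append(post_data["title"])  # stands in for saving the validated form
    return 302                        # redirect after a successful POST

def demo():
    cookies, saved = {}, []           # constructed cookie jar and "database"
    token = issue_token(cookies)      # happens when the user loads the form page
    # Same-site submit: the browser sends the cookie and the hidden field.
    ok = handle_post(cookies, {"csrfmiddlewaretoken": token, "title": "mine"}, saved)
    # Cross-site submit: the cookie rides along automatically, but the other
    # site cannot read it, so it cannot fill in the hidden field.
    forged = handle_post(cookies, {"title": "forged"}, saved)
    guessed = handle_post(cookies, {"csrfmiddlewaretoken": "x" * 43, "title": "guess"}, saved)
    return ok, forged, guessed, saved

if __name__ == "__main__":
    print(demo())
```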
