我的Django表单存在问题,并将其与数据库中的数据相结合。
你们有任何提示或输入我如何使我的代码更多"安全"?目前,我正在跳过Django提供的所有提供的安全性clean_data和is_valid()。原因是我不知道该怎么做。
views.py
var offscreenCanvas = document.createElement('canvas');
var offscreenC = offscreenCanvas.getContext('2d');
offscreenCanvas.width = canvas.width;
offscreenCanvas.height = canvas.height;
// in animate function, draw points onto the offscreen canvas instead
// of the regular canvas as they are added
if(trace.includes([x2, y2]) != true){
trace.push([x2,y2]);
var i = trace.length-1;
if (i > 1) {
offscreenC.strokeStyle = 'white'
offscreenC.beginPath();
offscreenC.moveTo(trace[i][0], trace[i][1])
offscreenC.lineTo(trace[i-1][0], trace[i-1][1])
offscreenC.stroke();
}
}
c.drawImage(offscreenCanvas, 0, 0);
models.py
from django.shortcuts import render
from .models import Ticket
from tickets.models import Order, Entry
# Create your views here.
def choose_ticket_and_quantity(request):
tickets = Ticket.objects.all()
if request.POST:
o = Order.objects.create()
request.session['order_id'] = o.order_id
ticket_id = request.POST.getlist('ticket_id')
ticket_quantity = request.POST.getlist('ticket_quantity')
for x in range(len(ticket_id)):
if int(ticket_quantity[x]) > 0:
e = Entry(
order=Order.objects.get(order_id = o.order_id),
ticket=Ticket.objects.get(id = ticket_id[x]),
quantity=ticket_quantity[x]
).save()
return render(request, "tickets/choose_ticket_and_quantity.html", {"tickets": tickets})
choose_ticket_and_quantity.html
class Ticket(models.Model):
description = models.TextField()
name = models.CharField(max_length=120)
price_gross = models.DecimalField(max_digits=19, decimal_places=2)
quantity = models.IntegerField()
这是我目前在 forms.py 中尝试/启动的内容 但我不知道在从模型中获取票证数据时如何呈现* .html。
<form action="" method="post">
{% csrf_token %}
{% for ticket in tickets %}
<input type="hidden" name="ticket_id" value="{{ ticket.id }}">
{{ ticket.name }}
<select name="ticket_quantity" >
<option value="0">0</option>
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
</select>
{% endfor %}
<p><input type="submit" value="Checkout"></p>
</form>
答案 0 :(得分:1)
您可以为EntryModelForm模型创建Entry,然后创建EntryModelForm的FormSet。
以下是示例视图功能:
from django.forms import formset_factory
def choose_ticket_and_quantity(request):
tickets = []
for ticket in Ticket.objects.all():
tickets.append({'ticket': ticket})
EntryFormSet = formset_factory(EntryModelForm, extra=0)
formset = EntryFormSet(initial=tickets)
if request.POST:
o = Order.objects.create()
formset = EntryFormSet(request.POST, initial=tickets)
for form in formset:
if form.is_valid():
entry = form.save(commit=False)
entry.order = o
entry.save()
return render(request, "tickets/choose_ticket_and_quantity.html",
{'formset': formset})
我猜您的入门模型类可能类似于以下内容:
class Entry(models.Model):
order = models.ForeignKey(Order, on_delete=models.CASCADE)
ticket = models.ForeignKey(Ticket, on_delete=models.CASCADE)
quantity = models.IntegerField(choices=INT_CHOICES)
这是表单类:
class EntryModelForm(forms.ModelForm):
class Meta:
model=Entry
exclude = ('order',)
以下是HTML模板:
<form action="" method="post">
{% csrf_token %}
{{ formset }}
<p><input type="submit" value="Checkout"></p>
</form>