HTTP — HyperText transfer Protocol
Django will run in server, clients can make request to the server → server will run
200: response code meaning ok
content-type: format of data coming back from response
Command
Download Django: pip3 install Django
Create Django project: django-admin startproject PROJECT_NAME
→Django will help us to make the project
manage.py: execute commands on the Django project
settings.py: configuration settings for Python ← with default built
urls.py: table of contents for the web application (like /search or /images in google) the urls that your web application can visit
run command by python manage.py COMMAND
127.0.01 ← IP address
8000 ← Port number
Put the http link to browser will lead you to
1 Django project is with a lot of Django application
Eg google project with map, mail, search, drive…
Amazon project with wish list, cart, search, video…
Start app
python manage.py startapp APPNAME
Under setting.py in lecture3 file:
Add the new app we created:
Then go to views.py under hello folder:
Tell Django when to return the response?
urls.py → could single one in the project// one for each app
variable ulrpatterns: list of all of the allowable URLs that the app can access to
url ← created by function path
first argument: “”← no addition argument
second argument: what view should be rendered when this url is visited
third argument (optional) name ← give a name to url pattern (easier to reference it)
from . import views ← as they are in the same folder, it means to get file view imported when the url was clicked
To let it work, you need to put it into the project one
tell lecture3 to look at urls in hello to see any extra url to excess
Go to the hello url
Change the view in hello!
Add sub url to hello!
How?
But quite weird to add the whole html into the views
Pass information in dictionary form from Python to HTML by third argument
Syntax use in html to get the variables
Directing what user should view when url was input
isitChristmas.com: https://isitchristmas.com/
Make isitNewYear — show yes only if the date is 1/1
step 1: add to the application of lecture3 project
step 2: add the urls of lecture 3 project
step 3: update the urls in the newyear app (create file urls.py)
step 4: update the view of newyear app
step 5: create templates/newyear/index.html
Then users can only see what the website is rendering!!!
To edit the style (static file) → store it separately, easier to access
In this case, html is not static as it will change according to the information passed into)
Step 1 create css file under static file
step 2 link the file to html by Django command
Line 11: Django will link the URL to the space ← avoid the change of router confusion ← django will find the url for you
Need to re-run the server !!!!!!!!!!!
Task
Do the steps ahead
views.py like this
index.html like this
with add tasks
But html are a bit similar with each other — template inheritance can reduce the work
You can inherit the layout of the pages!
in line 9, the add was hard coded: then you need to correct two places when the name of file was changed
Hence, even the path in url was changed to new/ ← as long as the name was unchanged, I am still save
if there are two urls with same names: index under newyear and index under tasks — django will mixed them together — WHat to do?
add variable app_name
from app called tasks, get index
But nothing happen even you submit the form?
post: send the information secretly not shown in the url
No permission: CSRF: cross site request forgery: security vulnerability
People may submit information to your website through other website.
How to forbidden request to be forged by another website?
CSRF token generate to submit the form with token to ensure the form is from our website
Django has CSRF validation on by default
done through Django Middleware ← intervene in the request response processing of Django
under lecture3 (project)’s settings.py
line 49: with csrf middleware
hidden token will be generated and only accept this token generated this time
You can submit the form but nothing changes
Other ways to create form with django
We could even modify the task by adding priority
This is not server-end but client-side validation
But server-side validation will be more secure as the user may be using an older version of html
Django could do this too!
POST: when user submit data
create variable form
form.is_valid: is user provide data with the exact format (eg exceeds 5?)
if yes, go to save it to the task list
if no, show the original input value
in line 27, if it is not post method but get method, then only shows the form with empty value
As prioritized is not in used and not included in our ordered list, you may just delete it first, then try to submit
use the reverse: same as using {{}} in html
But now we are storing data in global variables which entire application can get access to → anyone visit the website will return the same list of tasks
As only one tasks variables for everyone, so it will not be the thing that you want!
So instead of storing in global variables, should store them into users’ session
Session: Big dictionary representing all data stores about one particular user. Line 12: If tasks is not added in that session yet, provide an empty tasks list for the session
Why no such table?
— Django stores sessions in tables, but the tables were not created yet
uses command python manage.py migrate to create the table first
Show no tasks if there are no items in the list iterating ← special usage in django
only editing this one will be enough