WTF表单
wtf.py
pip install flask-wtf # 安装
from flask_wtf import FlaskForm from wtform import StringField, PasswordField, SubmmitField app.config["SECRET_KEY"] = "12345678" class register(flaskform): username = StringField("用户名:", render_kw={"placeholder":"占位符"}) password = PasswordField("密码:") password2 = PassswordField("确认密码:") submit = SubmitField("提交")
from flask import Flask, render_template from flask_wtf import FlaskForm from wtforms import StringField, PasswordField, SubmitField app = Flask(__name__) class register(FlaskForm): username = StringField("用户名:", render_kw={'placeholder': "我是占位符"}) password = PasswordField("密码:") password2 = PasswordField("确认密码") submit = SubmitField("注册") @app.route("/",methods=["POST", "GET"]) def index(): registerform = register() return render_template("demo4_template.html", form=registerform) if __name__ == '__main__': app.run()
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Title</title> </head> <body> {# <form method="post">#} {# <label>用户名:</label><input type="text" name="username" placeholder="请输入用户名"><br/>#} {# <label>密码:</label><input type="password" name="password" placeholder="请输入密码"><br/>#} {# <label>确认密码:</label><input type="password" name="password2" placeholder="请输入确认密码"><br/>#} {# <input type="submit" value="注册">#} {##} {#</form>#} <br/> <br/> <br/> <form method = "post"> {{ form.username.label }}{{ form.username }}<br/> {{ form.password.label }}{{ form.password }}<br/> {{ form.password2.label }}{{ form.password2 }}<br/> {{ form.submit}} </form> </body> </html>
CSRF
- 在客户端向后端请求界面数据的时候,后端会往响应中的 cookie 中设置 csrf_token 的值
- 在 Form 表单中添加一个隐藏的的字段,值也是 csrf_token
- 在用户点击提交的时候,会带上这两个值向后台发起请求
- 后端接受到请求,以会以下几件事件:
- 从 cookie中取出 csrf_token
- 从 表单数据中取出来隐藏的 csrf_token 的值
- 进行对比
- 如果比较之后两值一样,那么代表是正常的请求,如果没取到或者比较不一样,代表不是正常的请求,不执行下一步操作
Flask-SQLAlchemy
pip install flask-sqlalchemy flask-mysqldb #安装
# 一对多 的关系定义
参考博客:https://www.cnblogs.com/liuwei0824/p/8290526.html
from flask import Flask from flask_sqlalchemy import SQLAlchemy app = Flask(__name__) app.config['SQLALCHEMY_DATABASE_URI'] = "mysql://root:qqq123...A@127.0.0.1:3306/test27" app.config['SQLALCHEMY_TRACK_MODIFICATION'] = False # 初始化 sqlachemy db = SQLAlchemy(app) # 定义SQL 模型 角色 class Role(db.Model): # 指定表明 如不指明为类名小写 __tablename__ = "roles" id = db.Column(db.Integer, primary_key=True, autoincrement=True) # 唯一不重复 unique name = db.Column(db.String(64), unique=True) # 关联表 backref 给这行代码前面的user 添加一个属性 以便user可以通过user.role 可以访问Role的数据 users = db.relationship('User', backref='role') class User(db.Model): # 指定表明 如不指明为类名小写 __tablename__ = "user" id = db.Column(db.Integer, primary_key=True) name = db.Column(db.String(64), unique=True) # 外键 role_id = db.Column(db.Integer, db.ForeignKey(Role.id)) def __repr__(self): return 'user %d %s' % (self.id, self.name) # 用户 一个角色对应多个用户 @app.route('/') def index(): return "index" if __name__ == '__main__': # 创建所有表 db.drop_all() db.create_all() ro1 = Role(name="admin") ro2 = Role(name="user") db.session.add_all([ro1, ro2]) db.session.commit() user1 = User(name="laowang", role_id=ro1.id) user2 = User(name="laoli", role_id=ro2.id) user3 = User(name="laoda", role_id=ro2.id) db.session.add_all([user1, user2, user3]) db.session.commit() app.run(debug=True) 复制代码
# 数据库 查询 过滤 分页
from flask import Flask from flask_sqlalchemy import SQLAlchemy app = Flask(__name__) app.config['SQLALCHEMY_DATABASE_URI'] = "mysql://root:qqq123...A@127.0.0.1:3306/test27" app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False # 初始化 sqlachemy db = SQLAlchemy(app) # 定义SQL 模型 角色 class Role(db.Model): # 定义表名 __tablename__ = 'roles' # 定义列对象 id = db.Column(db.Integer, primary_key=True) name = db.Column(db.String(64), unique=True) us = db.relationship('User', backref='role') # repr()方法显示一个可读字符串 def __repr__(self): return 'Role:%s' % self.name class User(db.Model): __tablename__ = 'users' id = db.Column(db.Integer, primary_key=True) name = db.Column(db.String(64), unique=True, index=True) email = db.Column(db.String(64), unique=True) password = db.Column(db.String(64)) role_id = db.Column(db.Integer, db.ForeignKey('roles.id')) def __repr__(self): return 'User:%s' % self.name # 用户 一个角色对应多个用户 @app.route('/') def index(): return "index" def db_opt(): # 创建所有表 db.drop_all() db.create_all() # 再次插入一条数据 ro1 = Role(name='admin') db.session.add(ro1) db.session.commit() # 再次插入一条数据 ro2 = Role(name='user') db.session.add(ro2) db.session.commit() # 再次插入一条数据 us1 = User(name='wang', email='wang@163.com', password='123456', role_id=ro1.id) us2 = User(name='zhang', email='zhang@189.com', password='201512', role_id=ro2.id) us3 = User(name='chen', email='chen@126.com', password='987654', role_id=ro2.id) us4 = User(name='zhou', email='zhou@163.com', password='456789', role_id=ro1.id) us5 = User(name='tang', email='tang@itheima.com', password='158104', role_id=ro2.id) us6 = User(name='wu', email='wu@gmail.com', password='5623514', role_id=ro2.id) us7 = User(name='qian', email='qian@gmail.com', password='1543567', role_id=ro1.id) us8 = User(name='liu', email='liu@itheima.com', password='867322', role_id=ro1.id) us9 = User(name='li', email='li@163.com', password='4526342', role_id=ro2.id) us10 = User(name='sun', email='sun@163.com', password='235523', role_id=ro2.id) db.session.add_all([us1, us2, us3, us4, us5, us6, us7, us8, us9, us10]) db.session.commit() def test(): # 查询所有用户数据 User.query.all() # 查询有多少个用户 User.query.count() # 查询第1个用户 User.query.first() # 查询id为4的用户[3种方式] User.query.get(4) User.query.filter(User.id == 4).first() User.query.filter_by(id=4).first() # 查询名字结尾字符为g的所有数据[开始/包含] User.query.filter(User.name.endswith('g')).all() User.query.filter(User.name.contains("g")).all() # 查询名字不等于wang的所有数据[2种方式] User.query.filter(User.name != 'wang').all() # 查询名字和邮箱都以 li 开头的所有数据[2种方式] from sqlalchemy import and_ User.query.filter(User.name.startswith("li"), User.email.startswith("li")).all() User.query.filter(and_(User.name.startswith("li"), User.email.startswith("li"))).all() # 查询password是 `123456` 或者 `email` 以 `itheima.com` 结尾的所有数据 from sqlalchemy import or_ User.query.filter(or_(User.password == "123456", User.email.endswith("itheima.com"))).all() # 查询id为 [1, 3, 5, 7, 9] 的用户列表 User.query.filter(User.id.in_([1, 3, 5, 8, 9])).all() # 查询name为liu的角色数据 User.query.filter(User.name == "liu").first().role # 查询所有用户数据,并以邮箱排序 User.query.order_by(User.email).all() # 正序 User.query.order_by(User.email.asc()).all() # 倒叙 User.query.order_by(User.email.desc()).all() # 每页3个,查询第2页的数据 paginate = User.query.paginate(2, 3) # 列出 paginate.items # 总页数 paginate.pages # 当前页面 paginate.page if __name__ == '__main__': db_opt() app.run(debug=True)
# 导入数据 删除数据
from flask import Flask, render_template, flash, request, redirect, url_for from flask_sqlalchemy import SQLAlchemy from flask_wtf import FlaskForm from sqlalchemy import Column from wtforms import StringField, SubmitField from wtforms.validators import InputRequired app = Flask(__name__) app.secret_key = "adueiowqjeo1" app.config["SQLALCHEMY_DATABASE_URI"] = "mysql://root:qqq123...A@127.0.0.1:3306/booktest" app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False db = SQLAlchemy(app) class AddFrom(FlaskForm): author = StringField("作者", validators=[InputRequired('请输入作者名')]) book = StringField("书名", validators=[InputRequired("请输入书名")]) submit = SubmitField("提交") class Author(db.Model): """作者 一的一方""" __tablename__ = "authors" id = db.Column(db.Integer, primary_key=True) name = db.Column(db.String(64), unique=True) # 定义属性 以便作者模型可以通过直接通过该属性访问其多的一方的数据 # backref 给book添加了一个author属性 可以通过book.author 获取book对应的作者 books = db.relationship('Book', backref='author') class Book(db.Model): """书 多的一方""" __tablename__ = "books" id = db.Column(db.Integer, primary_key=True) name = db.Column(db.String(64), unique=True) author_id: Column = db.Column(db.Integer, db.ForeignKey(Author.id)) @app.route("/delete_author/<author_id>") def delete_author(author_id): author = Author.query.get(author_id) #Book.query.filter(Book.author_id==author_id).delete() Author.query.filter(Author.id==author_id).delete() db.session.delete(author) db.session.commit() return redirect(url_for('index')) @app.route("/delete_book/<book_id>") def delete_book(book_id): try: book = Book.query.get(book_id) except Exception as e: print(e) return "查询错误" if not book: return "数据不存在" try: db.session.delete(book) db.session.commit() except Exception as e: print(e) db.session.rollback() return "删除失败" return redirect(url_for('index')) def createData(): # 生成数据 au1 = Author(name='老王') au2 = Author(name='老尹') au3 = Author(name='老刘') # 把数据提交给用户会话 db.session.add_all([au1, au2, au3]) # 提交会话 db.session.commit() bk1 = Book(name='老王回忆录', author_id=au1.id) bk2 = Book(name='我读书少,你别骗我', author_id=au1.id) bk3 = Book(name='如何才能让自己更骚', author_id=au2.id) bk4 = Book(name='怎样征服美丽少女', author_id=au3.id) bk5 = Book(name='如何征服英俊少男', author_id=au3.id) # 把数据提交给用户会话 db.session.add_all([bk1, bk2, bk3, bk4, bk5]) # 提交会话 db.session.commit() @app.route("/", methods=["get", "post"]) def index(): """返回首页""" # 1.查询数据 form = AddFrom() # 2.将数据传入模板中进行渲染返回 # 查询作者指定名字 if form.validate_on_submit(): author_name = form.author.data book_name = form.book.data sqlauthor = Author.query.filter(Author.name == author_name).first() if not sqlauthor: try: sqlauthor = Author(name=author_name) db.session.add(sqlauthor) db.session.commit() book = Book(name=book_name, author_id=sqlauthor.id) db.session.add(book) db.session.commit() except Exception as e: db.session.rollback() print(e) flash("添加失败") else: sqlbook = Book.query.filter(Book.name == book_name).first() if not sqlbook: try: book = Book(name=book_name, author_id=sqlauthor.id) db.session.add(book) db.session.commit() except Exception as e: print(e) flash("添加失败") else: flash("已存在") else: if request.method == "POST": flash("输入有误") authors = Author.query.all() return render_template("template1.html", author=authors, form=form ) if __name__ == '__main__': db.drop_all() db.create_all() createData() app.run(debug=True)
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>模板</title> </head> <body> <h1>图书管理</h1> <form method="post"> {{ form.csrf_token() }} {{ form.author.label }}{{ form.author }} {{ form.book.label }}{{ form.book }} {{ form.submit }} </form> <ul> {% for author in author %} <li>{{ author.name }}<a href="/delete_author/{{ author.id }}"> 删除</a> </li> <ul> {% for book in author.books %} <li>{{ book.name }}<a href="/delete_book/{{ book.id }}"> 删除</a></li> {% endfor %} </ul> {% endfor %} </ul> </body> </html>
# 多对多的关系
tags = db.Table('tags',
db.Column('tag_id', db.Integer, db.ForeignKey('tag.id')),
db.Column('page_id', db.Integer, db.ForeignKey('page.id'))
)
class Page(db.Model):
id = db.Column(db.Integer, primary_key=True)
tags = db.relationship('Tag', secondary=tags,
backref=db.backref('pages', lazy='dynamic'))
class Tag(db.Model):
id = db.Column(db.Integer, primary_key=True)
# blueprint order.py
from flask import blueprint
# 创建蓝图
order_blu = Blueprint("order_blue", __name__)
# 使用蓝图
@order_blue.route("/order")
def order():
return "order_list"
# main.py
from order import order_blu
# 在APP上注册蓝图
app.register_blueprint(order_blu)
from flask import Blueprint order_blu = Blueprint("blue", __name__) @order_blu.route("/order") def order(): return "order_list"
from flask import Flask, render_template from flask_sqlalchemy import SQLAlchemy from Blueprint_demo import order_blu app = Flask(__name__) app.register_blueprint(order_blu) @app.route("/") def index(): return "hah" if __name__ == '__main__': app.run(debug=True, port=2222)
__init__ 导包 初始化蓝图
views 注册路由
main.py 注册蓝图
一个爱学习的oscar