# Chapter 5 - Django Forms

## Django Form Structure and Workflow

In [None]:
from django import forms
from django.shortcuts import render
from django.http import HttpResponseRedirect


6.1. Django form class definition

In [None]:
# forms.py in 'contact' app 

class ContactForm(forms.Form):
    name = forms.CharField(required=False)
    email = forms.EmailField(label='Your email')
    comment = forms.CharField(widget=forms.Textarea)


6.2. Django view method that uses a Django form

In [None]:
# views.py in 'contact' app
from .forms import ContactForm


def contact(request):
    form = ContactForm()
    return render(request,'about/contact.html', {'form':form})


6.3. Django form instance rendered in template as HTML

In [None]:
<tr>
    <th><label for="id_name">Name:</label></th>
    <td><input id="id_name" name="name" type="text"/></td>
</tr>
<tr>
    <th><label for="id_email">Your email:</label></th>
    <td><input id="id_email" required name="email" type="email"/></td>
</tr>
<tr>
    <th><label for="id_comment">Comment:</label></th>
    <td>
        <textarea cols="40" id="id_comment" required name="comment" rows="10"></textarea>
    </td>
</tr>


## Functional Web Form Syntax for Django Forms

6.4. Django form template declaration for functional web form

In [None]:
<form method="POST">
    {% csrf_token %}
    <table>
        {{form.as_table}}
    </table>
    <input type="submit" value="Submit form">
</form>


## Django View Method to Process Form (POST Handling)

In [None]:
from django.views.decorators.csrf import csrf_exempt, csrf_protect


6.5. Django view method that sends and processes Django form


In [None]:
def contact(request):
    if request.method == 'POST':
        # POST, generate form with data from the request
        form = ContactForm(request.POST)
        # check if it's valid:
        if form.is_valid():
            # process data, insert into DB, generate email,etc
            # redirect to a new URL:
            return HttpResponseRedirect('/about/contact/thankyou')
    else:
        # GET, generate blank form
        form = ContactForm()
    return render(request,'about/contact.html', {'form':form})


6.6. Django view method decorated with @csrf_exempt() to bypass CSRF enforcement


In [None]:
@csrf_exempt
def contact(request):
    # Any POST-processing inside view method
    # ignores if there is or isn't a CSRF token
    return

6.7. Django view method decorated with @csrf_protect() to enforce CSRF when CSRF is disabled at 
the project level

In [None]:
@csrf_protect
def contact(request):
    # Any POST processing inside view method
    # checks for the presence of a CSRF token
    # even when CsrfViewMiddleware is removed
    return
