Form Validation with WTForms ============================ When you have to work with form data submitted by a browser view code quickly becomes very hard to read. There are libraries out there designed to make this process easier to manage. One of them is `WTForms`_ which we will handle here. If you find yourself in the situation of having many forms, you might want to give it a try. When you are working with WTForms you have to define your forms as classes first. I recommend breaking up the application into multiple modules (:ref:`larger-applications`) for that and adding a separate module for the forms. The Forms --------- This is an example form for a typical registration page:: from wtforms import Form, BooleanField, TextField, validators class RegistrationForm(Form): username = TextField('Username', [validators.Length(min=4, max=25)]) email = TextField('Email Address', [validators.Length(min=6, max=35)]) password = PasswordField('New Password', [ validators.Required(), validators.EqualTo('confirm', message='Passwords must match') ]) confirm = PasswordField('Repeat Password') accept_tos = BooleanField('I accept the TOS', [validators.Required()]) In the View ----------- In the view function, the usage of this form looks like this:: @app.route('/register', methods=['GET', 'POST']) def register(): form = RegistrationForm(request.form) if request.method == 'POST' and form.validate(): user = User(form.username.data, form.email.data, form.password.data) db_session.add(user) flash('Thanks for registering') return redirect(url_for('login')) return render_template('register.html', form=form) Notice that we are implying that the view is using SQLAlchemy here (:ref:`sqlalchemy-pattern`) but this is no requirement of course. Adapt the code as necessary. Things to remember: 1. create the form from the request :attr:`~flask.request.form` value if the data is submitted via the HTTP `POST` method and :attr:`~flask.request.args` if the data is submitted as `GET`. 2. to validate the data, call the :func:`~wtforms.form.Form.validate` method which will return `True` if the data validates, `False` otherwise. 3. to access individual values from the form, access `form..data`. Forms in Templates ------------------ Now to the template side. When you pass the form to the templates you can easily render them there. Look at the following example template to see how easy this is. WTForms does half the form generation for us already. To make it even nicer, we can write a macro that renders a field with label and a list of errors if there are any. Here an example `_formhelpers.html` template with such a macro: .. sourcecode:: html+jinja {% macro render_field(field) %}
{{ field.label }}
{{ field(**kwargs)|safe }} {% if field.errors %} {% endif %}
{% endmacro %} This macro accepts a couple of keyword arguments that are forwarded to WTForm's field function that renders the field for us. They keyword arguments will be inserted as HTML attributes. So for example you can call ``render_field(form.username, class='username')`` to add a class to the input element. Note that WTForms returns standard Python unicode strings, so we have to tell Jinja2 that this data is already HTML escaped with the `|safe` filter. Here the `register.html` template for the function we used above which takes advantage of the `_formhelpers.html` template: .. sourcecode:: html+jinja {% from "_formhelpers.html" import render_field %}
{{ render_field(form.username) }} {{ render_field(form.email) }} {{ render_field(form.password) }} {{ render_field(form.confirm) }} {{ render_field(form.accept_tos) }}

For more information about WTForms, head over to the `WTForms website`_. .. _WTForms: http://wtforms.simplecodes.com/ .. _WTForms website: http://wtforms.simplecodes.com/