What is a more efficient way to pass variables from Template to View in Django?

梦如初夏 2021-02-03 11:08

My question involves passing variables from the template to view in Django.

I know of passing variables in the URL and through a form. The problem I have with the first

2 Answers
  • 2021-02-03 11:16

    There are three ways to get data from an html page into the server backend: URL (GET), Form (POST), and Cookies.

    Any of the three may be manipulated so you need to validate everything on the server every time no matter what.

    In terms of efficiency, per your post title, URL (GET) variables are slightly more efficient since form data goes through a mild amount of encoding before it is sent on to the server.

    Under normal usage the standard is to use URL (GET) variables when you are retrieving data from the server and to use Form (POST) variables when you want to manipulate (edit/delete) data on the server.

  • 2021-02-03 11:40

    There are broadly 3 ways to hold onto this kind of information:

    Session (my suggestion for your situation)

    Just stuff the data you want into the request.session dictionary; it'll persist per-user, and you can access it easily:

    # view1
    request.session['name1'] = male_results
    request.session['userid1'] = male_pic_userid
    
    # view2 (or elsewhere in view1)
    male_results = request.session.get('name1')
    male_pic_userid = request.session.get('userid1')
    

    Advantages

    • No changes needed to your templates (except removing your now-unnecessary forms).
    • Clean URLs
    • Persists even through closing and re-opening the browser window
    • You don't need to worry about users modifying or even seeing the session data (it's way more secure)

    Disadvantages

    • As with POST, page content is dictated by the URL and session data — URLs are no longer unique, and users can't share a particular page that relies on session info

    Query parameters

    Something like /match/?name1=foo1&userid1&name2=bar&userid2=2. You can either add these manually (<a href='/match/?name1={{ male_results }}...) or by changing your POST form to GET.

    Advantages

    • These URLs can be shared and bookmarked; if it's a list with filtering options, this is probably desirable ("Here's the list of cars I like" posted to Facebook, etc.)

    Disadvantages

    • As you've already noted, these can be freely modified by the user
    • Adding these to every URL is a massive pain

    POST form (your current approach)

    Advantages

    • A little more hidden (nothing user-visible without some kind of browser extension)
    • Slightly harder to manipulate (though don't rely on this security-through-obscurity)
    • Cleaner URLs

    Disadvantages

    • Leads to "this page has expired" messages on Internet Explorer if you use your browser's "back" button ...
    • ... and "Are you sure you want to re-send this data" messages on most browsers if users try to reload any of your pages
    • All this state information will be lost if a user re-opens the page (pressing "return" in the URL bar, for instance)
    • Users can't share the exact page they're looking at; the content is partly determined by non-user-visible information
    • Adding POST data to every navigation action is a huge pain.
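
Both answers point out that GET parameters can be changed by the user and must be validated on the server. The following is an added example, not code from either answer: a framework-independent check of the /match/ query string from the second answer, using only the Python standard library. The function name validate_match_query and the length and range limits are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Field names come from the /match/ URL on the page; the limits below are
# illustrative assumptions, not values from the page.
MAX_NAME_LEN = 64
MAX_USER_ID = 2**31 - 1
FIELDS = {"name1": "name", "userid1": "id", "name2": "name", "userid2": "id"}


def validate_match_query(url):
    """Return (cleaned, errors) for a /match/ URL; raw values are never trusted."""
    # keep_blank_values=True so a bare "userid1" (no value) is seen and
    # rejected instead of silently vanishing from the parsed result.
    raw = parse_qs(urlsplit(url).query, keep_blank_values=True)
    cleaned, errors = {}, {}

    # Reject parameters the view does not expect.
    for key in raw:
        if key not in FIELDS:
            errors[key] = "unexpected parameter"

    for key, kind in FIELDS.items():
        values = raw.get(key)
        if values is None:
            errors[key] = "missing"
        elif len(values) != 1:
            # A repeated key is ambiguous: refuse rather than pick one.
            errors[key] = "repeated"
        elif kind == "id":
            v = values[0]
            # ASCII digits only (no sign, spaces or Unicode digits); the
            # length check bounds the string before int() converts it.
            if (v.isascii() and v.isdigit() and len(v) <= 10
                    and 0 < int(v) <= MAX_USER_ID):
                cleaned[key] = int(v)
            else:
                errors[key] = "not a valid id"
        else:
            v = values[0].strip()
            if v and len(v) <= MAX_NAME_LEN and v.isprintable():
                cleaned[key] = v
            else:
                errors[key] = "not a valid name"
    return cleaned, errors
```

Validation only establishes that the values are well-formed; the view still has to check that the logged-in user is allowed to see the records those ids refer to.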