Updating data
So far all of this work replicates what can already be done with a simple HTML file. However, the real power of Flask comes from its ability to interact with data.
In this section, we will create a simple website that allows users to update data. We will use a simple list of dictionaries to store the data and eventually this will be converted to use a database.
Sending data from the webpage to the server
All of our routes use the GET
method by default. This means that when a user visits a page, the browser sends a GET
request to the server to retrieve the page. While we don’t need to specify the method when defining a route, we can do so by passing it in as an argument to the route decorator.
As great as GET
requests are, they only “get” data from the server and are unable to send data to the server. To send data to the server, we need to use a POST
request, similar to “posting” the data to the server. We can do this by creating a form in the HTML template and setting the method
attribute to POST
and having a route that accepts POST
requests.
HTML forms are used to collect user input and send it to the server. The form element has an action
attribute that specifies the URL where the form data should be sent, and a method
attribute that specifies the HTTP method to use when sending the form data, as we are sending data to the server we will use the POST
method.
In the above form, we have two input fields, one for the name and one for the age. When the user submits the form, the data will be sent to the /update
route as a POST
request.
-
Import the
request
object from Flask.The
request
object contains the data that the client sends to the server. In this case, we are using theform
attribute of therequest
object to access the form data sent by the client. -
Create a list of dictionaries to store the data.
These dictionaries will have two keys:
name
andage
. While the data is hard-coded in this example, it could be loaded from a database or an API. -
Create a route to display the data.
The route will render an HTML template that displays the data in a table. The template uses a for loop to iterate over the list of dictionaries and display the data in rows.
-
Create a route to update the data.
The route will receive the updated data from a form submission which happens from an HTTP POST Request. It will update the corresponding dictionary in the list and then render the HTML template to display the updated data.
Using Flask-WTF
The above example works, but it is not very user-friendly. Users have to manually type in the data, and there is no validation to ensure that the data is correct.
A better approach is to use Flask-WTF, which is a Flask extension that makes it easy to work with forms. Flask-WTF uses WTForms to define forms in Python and render them in HTML.
Installing Flask-WTF
To install Flask-WTF, run the following command:
Creating a form
There is a lot of boilerplate code involved in creating forms using Flask-WTF, but it is worth it for the added functionality.
-
Firstly we will need to import the necessary classes from
flask_wtf
,wtforms
, andwtforms.validators
. -
Next, we will create a form class that inherits from
FlaskForm
.This will contains the fields that we want to display in the form and the validation logic for each field.
-
We can now use this form in our route to render the form in the HTML template.
This will provide our form to the template, which can be used to render the form fields.
-
We can now update the HTML template to render the form fields.
The
{{ form.csrf_token }}
is a security feature that prevents Cross-Site Request Forgery (CSRF) attacks.The
{{ form.name.label }}
and{{ form.name }}
will render the label and input field for the name respectively.The
{{ form.name.errors }}
will render any validation errors for the name field.The same applies for the age field.
-
Finally, we can update the route to handle the form submission.
We will validate the form data and if it is valid, we will extract the data from the form and add it to the list of data.
Combining all of the above steps, we get the following code:
With all of the above code, we now have a simple website that allows users to update data. Using Flask-WTF the forms will always match up to the data that is expected, and the validation logic will ensure that the data is correct.