为什么Django中的只读表单字段是个坏主意? [英] Why are read-only form fields in Django a bad idea?
问题描述
我一直在寻找一种创建只读表单字段的方法,并且我发现每一篇关于该主题的文章都带有这是一个坏主意的声明。现在,对于一个单独的表单,我可以理解,还有其他方法可以解决问题,但是在模型模型中使用只读表单字段似乎是一个完全自然的想法。
I've been looking for a way to create a read-only form field and every article I've found on the subject comes with a statement that "this is a bad idea". Now for an individual form, I can understand that there are other ways to solve the problem, but using a read only form field in a modelformset seems like a completely natural idea.
考虑一个教师成绩单申请,老师希望能够通过单个提交材料进入所有学生(注意复数学生)成绩。模型形式可以遍历所有的学生成绩,使学生姓名是只读的,成绩是可编辑的字段。我喜欢错误检查和错误报告的功能和方便,您可以使用一个modelformset,但留下学生姓名可以在这样一个formset可以编辑是疯狂的。
Consider a teacher grade book application where the teacher would like to be able to enter all the students' (note the plural students) grades with a single SUBMIT. A modelformset could iterate over all the student-grades in such a way that the student name is read-only and the grade is the editable field. I like the power and convenience of the error checking and error reporting you get with a modelformset but leaving the student name editable in such a formset is crazy.
自专家django一致的是,只读表单域是一个坏主意,我想知道标准django最佳实践是上面的示例学生级示例?
Since the expert django consensus is that read-only form fields are a bad idea, I was wondering what the standard django best practice is for the example student-grade example above?
推荐答案
您不想这样做的原因是因为有人可以将禁用的字段更改为已启用,然后提交表单。您将不得不更改保存功能,以免插入禁用数据。
The reason you don't want to do this is because someone can change your disabled field to enabled and then submit the form. You would have to change the save function as to not insert the "disabled" data.
执行此操作的标准方法是不将该名称放在输入中,但是将其显示为文本
The standard way to do this is to not put the name in an input, but to display it as text
<form>
<div>
<label>Name</label>
<p>Johnny Five</p>
</div>
<div>
....
这不可能在django。
This is not possible in django.
我说如果你真的相信你的用户基础不会乱七八糟的东西然后去,但如果它的一个面向公众的网站与可能的敏感数据,然后远离。
I say if you really trust your userbase to not "mess" with things then go for it, but if its a public facing website with possible sensitive data then stay away.
这篇关于为什么Django中的只读表单字段是个坏主意?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
