A web development python framework

PRESENTED BY :

SAQIB SAUD C
II MCA
OUTLINE
• Introduction to Django
• MVT Architecture
• Model layer
• View layer
• Template Layer
• Forms
• Automated admin interface
• Django Security
INTRODUCTION TO DJANGO

• Django is a high-level python web framework which was created for quick web
project development.
• It delivers transparent and high-quality code writing, making it important for
developers, and equally important for customers.
• It’s free and open source.
• Fast and Secure.
• Dynamic and database driven content based websites.
HISTORY

• Named after famous Guitarist “Django Reinhardt”

• Developed by Adrian Holovaty and Jacob Kaplan-moss at
World Online News for efficient development
• Open sourced in 2005
• First Version released September 3, 2008
DJANGO AS AN MVC DESIGN PATTERN

MVT Architecture :
• Models - Describes your data structure/database schema
• Views - Controls what a user sees
• Templates – How a user sees it
• Controller – Controls request and responses
MVT Architecture :
 MVT Architecture :
• URLs: A URL mapper is used to redirect HTTP requests to the appropriate
view based on the request URL.
• View: A view is a request handler function, which receives HTTP requests
and returns HTTP responses.
• Models: Models are Python objects that define the structure of
an application's data, and provide mechanisms to manage (add, modify,
delete) and query records in the database.
• Templates: A template is a text file defining the structure or layout of a
file(such as an HTML page). A template can be used to define the
structure of any type of file; it doesn't have to be HTML!
INSTALLING PYTHON:

In order to use Django you will have to install Python on your

operating system.
For windows:
• Download the required installer from : https://www.python.org/downloads/
• Select the version and Download Python 3.7.2.
• Be sure to check the box labeled "Add Python to PATH“.
ENVIRONMENT SETUP:

Windows 10 virtual environment setup:

In command prompt type the commands to install
- pip3 install virtualenvwrapper-win
Now you can create a new virtual environment with the mkvirtualenv command
- mkvirtualenv myproject
There are some commands for virtual environment:
- deactivate
- workon myproject
- rmvirtualenv myproject
INSTALLING DJANGO:

Once you've created a virtual environment, you can use pip3 to install Django.
- pip3 install django
You can test that Django is installed by running the following command.
- py –m django –version
Now you can create your website using django
- django-admin startproject myfirstproject
- cd myfirstproject
 WORKING OF DJANGO:
We can run the development web server from within this folder
using manage.py and the runserver command.
- python3 manage.py runserver
Once the server is running you can view the site by navigating to the following
URL on your local web browser: http://127.0.0.1:8000/
DJANGO MODEL LAYER :

• Model is the data access layer of Django.

• It gives a way to access it, validate it and describes the
relationships between the data.
• It maps a single database table to a python class.
• It handles the inconsistency of SQL across different database
platforms.
CREATE YOUR FIRST MODEL:

• Each model is a Python class that inherit Django model class

“django.db.models.Model”
• Each attribute of the model represents a database field.
• e.g.: from django.db import models class Person(models.Model):
- first_name = models.CharField(max_length=30)
- last_name = models.CharField(max_length=30)
MODEL FIELDS :

These are three things for creating Model Fields.

• Field Types
• Field Options
• Relationships
FIELD TYPES:

Django uses Field Types for data validation in automatically generated forms.
E.G: AutoField() - An interger field that automatically increments
BooleanField() - Store true/false value and generally used for
checkboxes
CharField() - A string field for small to large-sized strings.
DateField() - A date field represents python datetime.date
FIELD OPTIONS:
• Field options are used to customize and put constraint on table rows.
• Each Field takes certain field specific arguments.
E.g:- name = models.CharField(max_length=60)
Here “max_length” specifies the size of the VARCHAR field.
The following are some common and mostly used field options:
a) null – To store empty values as NULL in database
b) blank - If True, the field is allowed to be blank. Default is False
c) default – stores default value for a field
d) primary_key – This field will be the primary key for the table
e) unique_key – Puts unique key constraint for a column
MODEL FIELD RELATIONSHIPS:

Django provides ways to define the three most common

types of database relationships:
a)many-to-one
b)many-to-many
c)one-to-one
MODEL METHODS:

• There are some predefined model methods that encapsulate database

behaviour that you can override to customize it.
Few predefined model methods are
a)save(),
b)delete(),
c) pre_save(),
d)pre_delete() etc.
MODEL INHERITANCE:

Model inheritance in Django works almost identically to the way

normal class inheritance works in Python.
There are three types of inheritance in Django model:
a) Abstract base classes
b) Multi table inheritance
c) Proxy Models
DJANGO MODEL EXAMPLE:

• We created a model Student that contains the following code in models.py file.
//models.py
class Student(models.Model):
first_name = models.CharField(max_length=20)
last_name = models.CharField(max_length=30)
contact = models.IntegerField()
email = models.EmailField(max_length=50)
age = models.IntegerField()
DJANGO MODEL EXAMPLE
It will create a table myapp_student. The table structure looks like the below.
DJANGO VIEW LAYER:

• A view is a place where we put our business logic of the application. The view is a
python function which is used to perform some business logic and return a response
to the user.
• This response can be the HTML contents of a Web page, or a redirect, or a 404
error.
• All the view function are created inside the views.py file of the Django app.
DJANGO VIEW EXAMPLE:

//views.py
import datetime
# Create your views here.
from django.http import HttpResponse
def index(request):
now = datetime.datetime.now()

html = "<html><body><h3>Now time is %s.</h3></body></html>" % now

return HttpResponse(html) # rendering the template in HttpResponse
DJANGO VIEW EXAMPLE:
DJANGO TEMPLATES LAYER:

• Django provides a convenient way to generate dynamic

HTML pages by using its template system.
• A template consists of static parts of the desired HTML
output as well as some special syntax describing how
dynamic content will be inserted.
WHY DJANGO TEMPLATE?

• We know that HTML is a static markup language, while

Python is a dynamic programming language.

• Django template engine is used to separate the design from

the python code and allows us to build dynamic web pages.
FORMS

• Django provides a Form class which is used to create HTML forms.

• It manages form data and performs validation while submitting the form.
Example:
from django import forms
class StudentForm(forms.Form):
firstname = forms.CharField(label="Enter first name",max_length=50)
lastname = forms.CharField(label="Enter last name", max_length = 100)
When rendered, it produces the following HTML to the browser:

<label for="id_firstname">Enter first name:</label>

<input type="text" name="firstname" required maxlength="50"
id="id_firstname" />
<label for="id_lastname">Enter last name:</label>
<input type="text" name="lastname" required maxlength="100“
id="id_lastname" />
Commonly used fields and their details are given in the below table.

Name Class HTML Input

BooleanField class BooleanField(**kwargs) CheckboxInput

CharField class CharField(**kwargs) TextInput

ChoiceField class ChoiceField(**kwargs) Select

DateField class DateField(**kwargs) DateInput

DateTimeField class DateTimeField(**kwargs) DateTimeInput

DecimalField class DecimalField(**kwargs) NumberInput

EmailField class EmailField(**kwargs) EmailInput

FileField class FileField(**kwargs) ClearableFileInput

ImageField class ImageField(**kwargs) ClearableFileInput

AUTOMATED ADMIN INTERFACE:
• One of the most powerful parts of Django is the automatic admin interface.
• This is a built-in module and designed to perform admin related tasks to the
user.
• The admin app (django.contrib.admin) is enabled by default and already
added into INSTALLED_APPS section of the settings file.
DJANGO SECURITY:

• Cross site scripting (XSS) protection

• Cross site request forgery (CSRF) protection
• SQL injection protection
• Clickjacking protection
• SSL/HTTPS
CROSS SITE SCRIPTING (XSS) PROTECTION:

• XSS is a term used to describe a class of attacks that allow an

attacker to inject client-side scripts through the website into the
browsers of other users.
• This is usually achieved by storing malicious scripts in the
database where they can be retrieved and displayed to other
users.
• Using Django templates protects you against the majority of
XSS attacks.
CROSS SITE REQUEST FORGERY (CSRF)
PROTECTION:

• CSRF attacks allow a malicious user to execute actions

using the credentials of another user without that user’s
knowledge or consent.
• The way the protection is enabled is that you include the
{% csrf_token %} template tag in your form definition.
SQL INJECTION PROTECTION:

• SQL injection enable malicious users to execute SQL

code on a database, allowing data to be accessed,
modified, or deleted irrespective of the user's
permissions.
• You can protect SQL injection using Django models.
CLICKJACKING PROTECTION:

• In this attack a malicious user hijacks clicks meant for

a visible top level site and routes them to a hidden
page.
• Django protects this attack by providing X-Frame-
optionsmiddleware.
SSL/HTTPS:

• SSL/HTTPS can be enabled on the web server in order to encrypt all

traffic between the site and browser.
• Including authentication credentials(enabling HTTPS is highly
recommended).
• If HTTPS is enabled then Django provides a number of other protections
you can use:
• SECURE_PROXY_SSL_HEADER
• SECURE_SSL_REDIRECT
 DJANGO WEB APPLICATION TOOLS:
There are various tools available in Django:
• Authentication
• Caching
• Logging
• Sending emails
• Pagination
• Message Framework
• Sessions
• Data validation
AUTHENTICATION:

• Django comes with a user authentication system.

• It handles user accounts, groups, permissions and cookie-based
user sessions.
• Authentication system handles both authentication and
authorization.
THE AUTH SYSTEM CONSISTS OF:

• Users authentication.
• Permissions to user: Binary (yes/no)
• Groups: A generic way of applying labels and permissions to more
than one user.
• A configurable password hashing system.
• Forms and view tools for logging in users, or restricting content.
CACHING:
• To cache something is to save the result of an expensive calculation so that you
don’t have to perform the calculation next time.
• Django comes with a robust cache system that lets you save dynamic pages so
they don’t have to be calculated for each request.
Example:
LOGGING:

• Django uses Python’s built-in logging module to perform system

logging.
A Python logging configuration consists of four parts:
• Loggers
• Handlers
• Filters
• Formatters
SENDING EMAILS:

• Using Django email package we can send mails easily.

• Package - from django.core.mail import send_mail
• Django has some Email methods that can be used to send mails.
THANK YOU