Build validated forms with Flask-WTF: CSRF protection, field validators, and error display.
Forms with WTForms
pip install flask-wtf
from flask_wtf import FlaskForm
from wtforms import StringField, PasswordField, TextAreaField
from wtforms.validators import DataRequired, Email, Length, EqualTo
class RegistrationForm(FlaskForm):
    """Sign-up form with name, email, password and password confirmation.

    FlaskForm adds a CSRF token field by default; it is checked together
    with the field validators below whenever the form is validated.
    """

    # Required, 2 to 100 characters.
    name = StringField(
        "Name",
        validators=[DataRequired(), Length(min=2, max=100)],
    )

    # Email() checks address syntax only; it does not prove the submitter
    # controls the mailbox. Current WTForms releases need the separate
    # email_validator package installed for this validator to work.
    email = StringField(
        "Email",
        validators=[DataRequired(), Email()],
    )

    # Required, at least 8 characters.
    # NOTE(review): no maximum length is set; consider a cap that suits the
    # password hasher so oversized inputs are rejected before hashing.
    password = PasswordField(
        "Password",
        validators=[DataRequired(), Length(min=8)],
    )

    # Must equal the value submitted in the "password" field.
    confirm = PasswordField(
        "Confirm",
        validators=[EqualTo(fieldname="password")],
    )
# In route
@app.route("/register", methods=["GET", "POST"])
def register():
    """Render the registration form and create a user from a valid submission.

    A GET request, or a POST that fails validation, re-renders
    ``register.html`` with the form so field errors can be displayed.
    A valid POST stores the new user and redirects to the login view.
    """
    form = RegistrationForm()

    # validate_on_submit() is true only when the form was submitted and every
    # validator passed, including the CSRF token check that FlaskForm adds by
    # default (this needs a secret key configured on the app).
    if not form.validate_on_submit():
        return render_template("register.html", form=form)

    new_user = User(name=form.name.data, email=form.email.data)
    # Presumably set_password stores a salted hash, not the plaintext;
    # verify against the User model, which is not shown here.
    new_user.set_password(form.password.data)

    # NOTE(review): nothing here checks for an existing account with the same
    # email. If the model enforces uniqueness, commit() would raise; confirm
    # how duplicates are handled.
    db.session.add(new_user)
    db.session.commit()

    # Redirect after a successful POST so a browser refresh does not
    # resubmit the registration.
    return redirect(url_for("auth.login"))
# Template
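# {{ form.hidden_tag() }} — renders the form's hidden fields, including the CSRF token; place it inside the <form> element so the token is sent with the POST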
# {{ form.email.label }}
# {{ form.email(class="form-control") }}
# {% for error in form.email.errors %} ... {% endfor %}