OhmSpectator / days-at-home-counter


Add proper user input validation and sanitization. #14

Open OhmSpectator opened 1 year ago

OhmSpectator commented 1 year ago

The application uses the escape() function to escape user input before storing it in the at_home dictionary. However, this function is intended for escaping HTML content and may not be sufficient to prevent injection attacks or other types of tampering with the input data. It is generally a good practice to use more robust input validation and sanitization techniques to prevent such attacks.

OhmSpectator commented 1 year ago

Use the wtforms lib.

For example:

```python
import os

from flask import Flask, render_template
from flask_wtf import FlaskForm   # FlaskForm (Flask-WTF) adds the csrf_token the template renders
from wtforms import fields


class MyForm(FlaskForm):
    # DateField parses the submitted string with strptime(); anything that is not
    # a real YYYY-MM-DD date fails validate() and the value is never stored.
    interval_start = fields.DateField(format='%Y-%m-%d')
    interval_end = fields.DateField(format='%Y-%m-%d')


app = Flask(__name__)
# Flask-WTF signs the CSRF token with the app secret; load a persistent key
# from configuration in production, os.urandom() is only a placeholder here.
app.config['SECRET_KEY'] = os.urandom(32)


@app.route('/', methods=['GET', 'POST'])
def index():
    form = MyForm()  # FlaskForm populates itself from request.form on POST
    if form.validate_on_submit():  # POST + CSRF check + field validation
        interval_start = form.interval_start.data  # datetime.date, not a raw string
        interval_end = form.interval_end.data
        # ... do something with the dates here ...
    # on GET, or on a failed POST, re-render the form; form.errors holds the messages
    return render_template('index.html', form=form)
```

```html
{# templates/index.html #}
<form method="POST" action="/">
    {{ form.csrf_token }}
    {{ form.interval_start.label }} {{ form.interval_start(size=10) }}
    {{ form.interval_end.label }} {{ form.interval_end(size=10) }}
    <input type="submit" value="Submit">
</form>
```
OhmSpectator commented 1 year ago

https://python-adv-web-apps.readthedocs.io/en/latest/flask_forms.html
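Added example (not code from the days-at-home-counter repository or from the comments above) illustrating the point of the issue and of the WTForms suggestion: escaping makes a string safe for a template but says nothing about whether it is a date, whereas strict parsing returns a typed value or rejects the input. It uses only the standard library so it runs without Flask: `html.escape` stands in for Flask's `escape()`, and `parse_date`/`parse_interval`/`validate_form` are illustrative names that mirror what `DateField` and `form.validate()` do. The limits `MAX_INTERVAL_DAYS` and `MAX_FIELD_LEN` are assumed policy values, and the sample inputs are constructed.

```python
"""Strict date-interval validation versus escape()-only storage (added example)."""
import html
import re
from datetime import datetime, timedelta

# Assumed policy values for this example; the project may choose its own.
MAX_INTERVAL_DAYS = 366
MAX_FIELD_LEN = 10                        # "YYYY-MM-DD" is exactly 10 characters
ISO_DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2}")


def escape_only(value):
    """What the issue describes: HTML-escape the input and keep it as a string.

    This keeps a template from interpreting the value, but junk such as
    '2024-13-45' or 'next tuesday' passes through unchanged.
    """
    return html.escape(value)


def parse_date(raw):
    """Strictly parse one form field into a datetime.date, or raise ValueError.

    Rejects non-strings (a JSON body can carry numbers or lists), over-long
    values, anything that is not exactly YYYY-MM-DD (strptime on its own
    would also accept '2024-1-1'), and impossible calendar dates.
    """
    if not isinstance(raw, str):
        raise ValueError("date must be a string")
    raw = raw.strip()
    if len(raw) > MAX_FIELD_LEN or not ISO_DATE_RE.fullmatch(raw):
        raise ValueError("date must look like YYYY-MM-DD")
    try:
        return datetime.strptime(raw, "%Y-%m-%d").date()
    except ValueError as exc:            # e.g. 2024-02-30, 0000-01-01
        raise ValueError("not a real calendar date") from exc


def parse_interval(raw_start, raw_end):
    """Validate a (start, end) pair and return two date objects, or raise ValueError."""
    start = parse_date(raw_start)
    end = parse_date(raw_end)
    if end < start:
        raise ValueError("interval end is before its start")
    if end - start > timedelta(days=MAX_INTERVAL_DAYS):
        raise ValueError("interval is longer than %d days" % MAX_INTERVAL_DAYS)
    return start, end


def validate_form(form):
    """Mimic form.validate()/form.errors on a plain dict such as request.form.

    Returns (data, errors); data is None whenever an error was recorded, so
    a caller can never accidentally store a half-validated interval.
    """
    errors = {}
    try:
        data = parse_interval(form.get("interval_start"), form.get("interval_end"))
    except ValueError as exc:
        errors["interval"] = str(exc)
        data = None
    return data, errors


if __name__ == "__main__":
    # Constructed submissions: one honest, the rest are things escape() lets through.
    samples = [
        {"interval_start": "2024-01-01", "interval_end": "2024-01-10"},
        {"interval_start": "2024-1-1", "interval_end": "2024-01-10"},
        {"interval_start": "2024-02-30", "interval_end": "2024-03-01"},
        {"interval_start": "<script>alert(1)</script>", "interval_end": "2024-03-01"},
        {"interval_start": "2024-03-01", "interval_end": "2024-01-01"},
    ]
    for sample in samples:
        escaped = {k: escape_only(v) for k, v in sample.items()}
        data, errors = validate_form(sample)
        print("escape() keeps:", escaped, "| validated:", data or errors)
```

The regex runs before `strptime` because `strptime` is lenient about zero padding, and the length cap runs before the regex so pathological inputs are rejected without further work; the order of checks is what makes the validator strict rather than merely present.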