Should I use cleaned_data when saving the form?

L

Lopus2016-04-13 21:26:27

Django

Lopus, 2016-04-13 21:26:27

Here is an example from the doc:

if request.method == 'POST':
        form = NameForm(request.POST)
        if form.is_valid():
            # process the data in form.cleaned_data as required

Further, if NameForm was inherited from ModelForm, I could just call form.save()
Or like this:

item = form.save(commit=False)
item.my_field = 'bla bla bla'
item.save()

1. Please explain why form.cleaned_data is needed if the form object is already populated from request.POST ?
2. Does request.POST end up with safe data to save the data by directly calling the save() method?
3. Is there an assumption that cleaned_data in this case may be needed, for example, when the data from the form needs to be sent by email or saved to the fields of another model?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

A

Anatoly Scherbakov, 2016-04-13
@Altaisoft

Why do you think the object from POST is getting filled?
In request.POST, the data is not secure. POST - generally - readonly, and any garbage that came there from the client remains there. cleaned_data is the result of calling the cleanup and validation functions. And it is this data that is saved when you call save().