1. 路由系统
def test():
pass
url(r'^test$', test)
创建app:
python3 mange.py startapp app名称
from app01 import views
url(r'^test$', views.test)
反向路由:
urls:
url(r'^test1$', views.test, name='xxx')
html:
<form action="{% url ’xxx‘ %}">
</form>
路由分组:
include
urls.py:
url(r'^test/(\w+)/(\w+)/')
views.py:
def test(request, id, name):
urls.py:
url(r'^test/(?P<id>\w+)/(?P<name>\w+)/')
views.py:
def test(request, name,id):
建议 大家使用:
创建一个app, 然后在app的views.py中写自己的业务逻辑函数, urls.py 路由匹配, 只是进行分发
CBV和FBV:
FBV:之前所有的都是基于FBV(写函数)
CBV:
urls.py:
url('^login', views.Login.as_view())
views.py:
from django.views import View
class Login(View):
def get():
pass
def post():
pass
http协议支持的方法:get、post、put(更新)、delete(删除)、patch(部分更新)
form支持get、post
ajax 支持大多数方法
2. ORM配置和
a. 自己创建数据库
b. settings:
default: mysql配置链接
install_app: app01
c. __init__.py:
import pymysql
pymysql.install_as_mysqldb
d.在models.py:
class UserType(models.Model):
title= models.Charfiled(max_legnt=32)
class Userinfo(models.MOdel):
### id不用写, 自动生成
name = models.Charfiled(max_legnt=32)
ut = models.ForeignKey('UserType') ### ut_id
e.python3 mange.py makemigrations ## 生成migrations文件
python3 mange.py migrate ### 根据生成的migrations文件生成表
3. 基本使用
增
models.Userinfo.objects.create(name='xxxx')
查
单表查询:
### 查询所有
res = models.userinfo.objects.all()
res### query set [ obj, obj, obj,....]
### 查询一个
res = models.userinfo.objects.first()
res ### obj
### 过滤
res = models。userinfo.objects.filter(id=1)
res = models。userinfo.objects.filter(id__lt=1)
res = models。userinfo.objects.filter(id__lte=1)
res = models。userinfo.objects.filter(id__gte=1)
res = models。userinfo.objects.filter(id__gt=1)
### 查询某一列的值
res = models。userinfo。objects.values('name').all()
res ### query set[ {"name":'zekai'}, ....]
res = models.userinfo.objects.value_list('name').all()
res ### query set[(name),(), ]
一对多:
### 查询所有
res = models.userinfo.objects.all()
res### query set [ obj, obj, obj,....]
### 查询一个:
res = models.userinfo.objects.first()
### 正向查询
# res = models.UserInfo.objects.filter(name='zekai').all()
# res = models.UserInfo.objects.all()
# print(res) ### <QuerySet [<UserInfo: UserInfo object>]>
# for obj in res:
# print(obj.id, obj.name, obj.ut.title)
### 反向查询
### 需求: 查询usertype下所有类型的包含的人
# res = models.UserType.objects.all()
# print(res)### <QuerySet [<UserType: UserType object>, <UserType: UserType object>, <UserType: UserType object>]>
# ### 外键关联的表名小写_set.filter()
# for obj in res:
# print(
# obj.id, ## id = 1
# obj.title, ### 保安部
# obj.userinfo_set.all() #### models.UserInfo.objects.filter(ut_id=1).all()
# )
### 神奇的双下画线
## 跨表查询
res = models.UserInfo.objects.values('name', "ut__title")
print(res)
删
.delete()
改
.filter().update()
今日内容:
1. ORM
a.基本查
all()
values()
value_list()
b.高级查询
## 1. in
# res = models.UserInfo.objects.filter(id__in=[1,2,3])
# print(res)
## 2. not in
# res = models.UserInfo.objects.exclude(id__in=[1,2,3])
# print(res)
## 3. like
## where name like 'ze%' ## 以ze开头的所有的数据
### startswith: 以 某单词开头
### istartswith : ignore (忽略) 以 某单词开头 忽略大小写
# res = models.UserInfo.objects.filter(name__startswith="ze")
# res = models.UserInfo.objects.filter(name__istartswith="ze")
# print(res)
## where name like '%ze'
## endswith : 以 某个单词结尾
## iendswith: ignore (忽略) 以 某单词结尾 忽略大小写
# res = models.UserInfo.objects.filter(name__endswith='ze')
## where name like "%ze%"
### contains : 包含某一个单词
### icontains: 包含某一个单词 不区分大小写
# models.UserInfo.objects.filter(name__contains='ze')
### 4. between.. and..
### models.UserInfo.objects.filter(id__range=[1,2])
### 5. limit 10, 20
# models.UserInfo.objects.all()[开始位置:结束位置]
# models.UserInfo.objects.all()[0:10]
# models.UserInfo.objects.all()[10:20]
### 6. order by age asc, name desc
# res = models.UserInfo.objects.all().order_by('id') ## 默认升序
### 前面加一个 ‘-’ 代表 降序
# res = models.UserInfo.objects.all().order_by('-id','name')
# print(res.query)
### 7. group by
# from django.db.models import Count, Max, Min, Sum
# res = models.UserInfo.objects.values('name').annotate(xxx=Count('id'))
# print(res.query)
# SELECT "app01_userinfo"."id", COUNT("app01_userinfo"."name") AS "xxx"
# FROM "app01_userinfo"
# GROUP BY "app01_userinfo"."id";
#### 8. only: 只取某一个列的值
## SELECT "app01_userinfo"."id", "app01_userinfo"."name", "app01_userinfo"."age" FROM "app01_userinfo"
# res = models.UserInfo.objects.only('name', 'age').all()
# print(res) ## <QuerySet [<UserInfo: UserInfo object>, <UserInfo: UserInfo object>, <UserInfo: UserInfo object>, <UserInfo: UserInfo object>, <UserInfo: UserInfo object>, <UserInfo: UserInfo object>]>
### 9. defer: 除了这几列之外的所有列的值
### SELECT "app01_userinfo"."id", "app01_userinfo"."ut_id" FROM "app01_userinfo"
# res = models.UserInfo.objects.defer('id','name', 'age').all()
# print(res.query)
### 10.using: 想要使用哪个数据库, 就将这个数据库的配置名称写到using中
# models.UserInfo.objects.all().using("xxxx")
### 11. 表中总共多少条数据
# res = models.UserInfo.objects.count()
# print(res)
### 12. 第一条数据
# res = models.UserInfo.objects.first()
# print(res)
## 13.最后一条数据
# res = models.UserInfo.objects.last()
## 14.gt lt
# res = models.UserInfo.objects.filter(id__gt=3)
# res = models.UserInfo.objects.filter(id__gte=3)
# res = models.UserInfo.objects.filter(id__lt=3)
# res = models.UserInfo.objects.filter(id__lte=3)
### 15. and操作
# res = models.UserInfo.objects.filter(id=1, name='zekai')
# print(res.query)
### 16.or操作
# from django.db.models import Q
# res = models.UserInfo.objects.filter( Q(Q(id=1) | Q(name='zekai')) & Q(name='xxxx') )
# print(res.query)
### 17. 在原来的基础上更新值
# from django.db.models import F
# models.UserInfo.objects.update(age = F('age') + 1)
## 18。原生sql
# from django.db import connection
# cursor = connection.cursor()
# cursor.execute("select * from app01_userinfo where id=%s", [1,])
# # res = cursor.fetchall()
# # res = cursor.fetchone()
# # print(res)
## 19. 原生sql
# models.UserInfo.objects.raw('select * from app01_userinfo')
注意:
1. orm能实现的功能, 尽量使用orm实现
2. 不建议大家以后再自己的业务逻辑中, 混着用
c. 一对多关系操作:
正向查询和反向查询
__ 神奇的双下画线 跨表查询
d. 多对多关系:
自己写:
models.py:
class Boy(models.Model):
name = models.CharField(max_length=32, null=True)
class Girl(models.Model):
nick = models.CharField(max_length=32, null=True)
class Love(models.Model):
b = models.ForeignKey("Boy", null=True)
g = models.ForeignKey("Girl", null=True)
class Meta:
unique_together = [
('b', 'g')
]
views.py:
### 1. 查询和 勾洋 约会的 姑娘
# res = models.Boy.objects.filter(name='勾洋').first()
# # print(res) ### Boy object
# ### 反向查询 love中的相亲记录
# love_list = res.love_set.all() ## <QuerySet [<Love: Love object>, <Love: Love object>]>
# for obj in love_list:
# ### 正向查询 girl表中的nick
# print(obj.g.nick)
#### 2.查询和 勾洋 约会的 姑娘
# res = models.Love.objects.filter(b__name='勾洋').all()
# print(res) ## <QuerySet [<Love: Love object>, <Love: Love object>]>
# for obj in res:
# print(obj.g.nick)
### 3.查询和 勾洋 约会的 姑娘
res = models.Love.objects.filter(b__name='勾洋').values("g__nick")
print(res)
django:
通过 ManyToManyField() 来生成第三张表
models.py:
class Boy(models.Model):
name = models.CharField(max_length=32, null=True)
g = models.ManyToManyField('Girl', null=True)
class Girl(models.Model):
nick = models.CharField(max_length=32, null=True)
views.py:
### django
### 添加
obj = models.Boy.objects.filter(name='谢增城').first()
# print(obj)### Boy object
# obj.g.add(3)
# obj.g.add(*[1,2])
### 重置
# obj.g.set([4])
### 查询
# obj = models.Boy.objects.filter(name='谢增城').first()
# res = obj.g.all()
# print(res) ## <QuerySet [<Girl: Girl object>, <Girl: Girl object>, <Girl: Girl object>]>
# for obj in res:
# print(obj.nick)
## 删除
obj = models.Boy.objects.filter(name='谢增城').first()
obj.g.clear()
应该使用哪个?
注意: ManyToManyField 只能生成两个字段(boy_id 和 girl_id)
根据自己的业务逻辑去写
e.增
### 插入一条数据
models.xxx.objects.create(name='xxx')
### 插入多条数据
obj = [
models.UserInfo(name='zekai', age=12, ut_id=2),
models.UserInfo(name='xxxxx', age=13, ut_id=2),
models.UserInfo(name='dsadsa', age=14, ut_id=1),
models.UserInfo(name='gfdgfdg', age=24, ut_id=2),
models.UserInfo(name='tretre', age=45, ut_id=3),
models.UserInfo(name='gfdgfd', age=42, ut_id=2),
]
models.UserInfo.objects.bulk_create(obj)
f.删
models.xxxx.objects.all().delete()
models.xxxx.objects.filter(name='kkk').delete()
ps:
ut = models.ForeignKey("UserType", null=True, on_delete=models.CASCADE)
CASCADE: 设置级联删除
SET_NULL : 取消级联删除
g.改
models.userinfo.objects.filter(xxxx).update()
2. Xss攻击
全程:跨站脚本(js)攻击
原因:
用户输入的内容不可控
<script>1.获取用户的cookie 2. 发送这个cookie到黑客的数据库</script>
views.py:
msg = []
def comment(request):
if request.method == 'GET':
return render(request, "comment.html")
else:
comment = request.POST.get('comment')
msg.append(comment)
return render(request, "comment.html")
def show(request):
return render(request, 'show.html', {"msg":msg})
comment.html:
<form action="/comment/" method="post">
<input type="text" name="comment">
<input type="submit" value="提交">
</form>
show.html:
<ul>
{% for item in msg %}
<li>{{ item | safe }}</li>
{% endfor %}
</ul>
转载于:https://www.cnblogs.com/haojunliancheng/p/11196810.html
