Step 7: Adding Style
Now that everything else works, it's time to add some style to the
application. Just create a stylesheet called `style.css` in the `static`
folder we created before:
+<p>Now that everything else works, it&#8217;s time to add some style to the
+application. Just create a stylesheet called <cite>style.css</cite> in the <cite>static</cite>
+folder we created before:</p>
+<div class="highlight-css"><div class="highlight"><pre><span class="nt">body</span> <span class="p">{</span> <span class="k">font-family</span><span class="o">:</span> <span class="k">sans-serif</span><span class="p">;</span> <span class="k">background</span><span class="o">:</span> <span class="m">#eee</span><span class="p">;</span> <span class="p">}</span>
+<span class="nt">a</span><span class="o">,</span> <span class="nt">h1</span><span class="o">,</span> <span class="nt">h2</span> <span class="p">{</span> <span class="k">color</span><span class="o">:</span> <span class="m">#377BA8</span><span class="p">;</span> <span class="p">}</span>
+<span class="nt">h1</span><span class="o">,</span> <span class="nt">h2</span> <span class="p">{</span> <span class="k">font-family</span><span class="o">:</span> <span class="s1">&#39;Georgia&#39;</span><span class="o">,</span> <span class="k">serif</span><span class="p">;</span> <span class="k">margin</span><span class="o">:</span> <span class="m">0</span><span class="p">;</span> <span class="p">}</span>
+<span class="nt">h1</span> <span class="p">{</span> <span class="k">border-bottom</span><span class="o">:</span> <span class="m">2px</span> <span class="k">solid</span> <span class="m">#eee</span><span class="p">;</span> <span class="p">}</span>
+<span class="nt">h2</span> <span class="p">{</span> <span class="k">font-size</span><span class="o">:</span> <span class="m">1.2em</span><span class="p">;</span> <span class="p">}</span>
+<span class="nc">.page</span> <span class="p">{</span> <span class="k">margin</span><span class="o">:</span> <span class="m">2em</span> <span class="k">auto</span><span class="p">;</span> <span class="k">width</span><span class="o">:</span> <span class="m">35em</span><span class="p">;</span> <span class="k">border</span><span class="o">:</span> <span class="m">5px</span> <span class="k">solid</span> <span class="m">#ccc</span><span class="p">;</span>
+ <span class="k">padding</span><span class="o">:</span> <span class="m">0.8em</span><span class="p">;</span> <span class="k">background</span><span class="o">:</span> <span class="nb">white</span><span class="p">;</span> <span class="p">}</span>
+<span class="nc">.entries</span> <span class="p">{</span> <span class="k">list-style</span><span class="o">:</span> <span class="k">none</span><span class="p">;</span> <span class="k">margin</span><span class="o">:</span> <span class="m">0</span><span class="p">;</span> <span class="k">padding</span><span class="o">:</span> <span class="m">0</span><span class="p">;</span> <span class="p">}</span>
+<span class="nc">.entries</span> <span class="nt">li</span> <span class="p">{</span> <span class="k">margin</span><span class="o">:</span> <span class="m">0.8em</span> <span class="m">1.2em</span><span class="p">;</span> <span class="p">}</span>
+<span class="nc">.entries</span> <span class="nt">li</span> <span class="nt">h2</span> <span class="p">{</span> <span class="k">margin-left</span><span class="o">:</span> <span class="m">-1em</span><span class="p">;</span> <span class="p">}</span>
+<span class="nc">.add-entry</span> <span class="p">{</span> <span class="k">font-size</span><span class="o">:</span> <span class="m">0.9em</span><span class="p">;</span> <span class="k">border-bottom</span><span class="o">:</span> <span class="m">1px</span> <span class="k">solid</span> <span class="m">#ccc</span><span class="p">;</span> <span class="p">}</span>
+<span class="nc">.add-entry</span> <span class="nt">dl</span> <span class="p">{</span> <span class="k">font-weight</span><span class="o">:</span> <span class="k">bold</span><span class="p">;</span> <span class="p">}</span>
+<span class="nc">.metanav</span> <span class="p">{</span> <span class="k">text-align</span><span class="o">:</span> <span class="k">right</span><span class="p">;</span> <span class="k">font-size</span><span class="o">:</span> <span class="m">0.8em</span><span class="p">;</span> <span class="k">padding</span><span class="o">:</span> <span class="m">0.3em</span><span class="p">;</span>
+ <span class="k">margin-bottom</span><span class="o">:</span> <span class="m">1em</span><span class="p">;</span> <span class="k">background</span><span class="o">:</span> <span class="m">#fafafa</span><span class="p">;</span> <span class="p">}</span>
+<span class="nc">.flash</span> <span class="p">{</span> <span class="k">background</span><span class="o">:</span> <span class="m">#CEE5F5</span><span class="p">;</span> <span class="k">padding</span><span class="o">:</span> <span class="m">0.5em</span><span class="p">;</span>
+ <span class="k">border</span><span class="o">:</span> <span class="m">1px</span> <span class="k">solid</span> <span class="m">#AACBE2</span><span class="p">;</span> <span class="p">}</span>
+<span class="nc">.error</span> <span class="p">{</span> <span class="k">background</span><span class="o">:</span> <span class="m">#F0D6D6</span><span class="p">;</span> <span class="k">padding</span><span class="o">:</span> <span class="m">0.5em</span><span class="p">;</span> <span class="p">}</span>
Continue with Bonus: Testing the Application.
Step 4: Request Database Connections
Now we know how we can open database connections and use them for scripts,
but how can we elegantly do that for requests? We will need the database
connection in all our functions so it makes sense to initialize them
before each request and shut them down afterwards.
Flask allows us to do that with the before_request(),
after_request() and teardown_request()
decorators:
+but how can we elegantly do that for requests? We will need the database
+connection in all our functions so it makes sense to initialize them
+before each request and shut them down afterwards.</p>
+<p>Flask allows us to do that with the <a class="reference internal" href="../api.html#flask.Flask.before_request" title="flask.Flask.before_request"><tt class="xref py py-meth docutils literal"><span class="pre">before_request()</span></tt></a>,
+<a class="reference internal" href="../api.html#flask.Flask.after_request" title="flask.Flask.after_request"><tt class="xref py py-meth docutils literal"><span class="pre">after_request()</span></tt></a> and <a class="reference internal" href="../api.html#flask.Flask.teardown_request" title="flask.Flask.teardown_request"><tt class="xref py py-meth docutils literal"><span class="pre">teardown_request()</span></tt></a>
+<div class="highlight-python"><div class="highlight"><pre><span class="nd">@app.before_request</span>
+<span class="k">def</span> <span class="nf">before_request</span><span class="p">():</span>
+ <span class="n">g</span><span class="o">.</span><span class="n">db</span> <span class="o">=</span> <span class="n">connect_db</span><span class="p">()</span>
+<span class="nd">@app.teardown_request</span>
+<span class="k">def</span> <span class="nf">teardown_request</span><span class="p">(</span><span class="n">exception</span><span class="p">):</span>
+ <span class="n">g</span><span class="o">.</span><span class="n">db</span><span class="o">.</span><span class="n">close</span><span class="p">()</span>
+<p>Functions marked with <a class="reference internal" href="../api.html#flask.Flask.before_request" title="flask.Flask.before_request"><tt class="xref py py-meth docutils literal"><span class="pre">before_request()</span></tt></a> are called before
+a request and passed no arguments. Functions marked with
+<a class="reference internal" href="../api.html#flask.Flask.after_request" title="flask.Flask.after_request"><tt class="xref py py-meth docutils literal"><span class="pre">after_request()</span></tt></a> are called after a request and
+passed the response that will be sent to the client. They have to return
+that response object or a different one. They are however not guaranteed
+to be executed if an exception is raised, this is where functions marked with
+<a class="reference internal" href="../api.html#flask.Flask.teardown_request" title="flask.Flask.teardown_request"><tt class="xref py py-meth docutils literal"><span class="pre">teardown_request()</span></tt></a> come in. They get called after the
+response has been constructed. They are not allowed to modify the request, and
+their return values are ignored. If an exception occurred while the request was
+being processed, it is passed to each function; otherwise, <cite>None</cite> is passed in.</p>
+<p>We store our current database connection on the special <a class="reference internal" href="../api.html#flask.g" title="flask.g"><tt class="xref py py-data docutils literal"><span class="pre">g</span></tt></a>
+object that Flask provides for us. This object stores information for one
+request only and is available from within each function. Never store such
+things on other objects because this would not work with threaded
+environments. That special <a class="reference internal" href="../api.html#flask.g" title="flask.g"><tt class="xref py py-data docutils literal"><span class="pre">g</span></tt></a> object does some magic behind
+the scenes to ensure it does the right thing.</p>
Continue to Step 5: The View Functions.
Hint
+<p class="first admonition-title">Hint</p>
+<p>Where do I put this code?</p>
+<p>If you&#8217;ve been following along in this tutorial, you might be wondering
+where to put the code from this step and the next. A logical place is to
+group these module-level functions together, and put your new
+<tt class="docutils literal"><span class="pre">before_request</span></tt> and <tt class="docutils literal"><span class="pre">teardown_request</span></tt> functions below your existing
+<tt class="docutils literal"><span class="pre">init_db</span></tt> function (following the tutorial line-by-line).</p>
+<p class="last">If you need a moment to find your bearings, take a look at how the <a class="reference external" href="http://github.com/mitsuhiko/flask/tree/master/examples/flaskr/">example
+source</a> is organized. In Flask, you can put all of your application code
+into a single Python module. You don&#8217;t have to, and if your app <a class="reference internal" href="../patterns/packages.html#larger-applications"><em>grows
+larger</em></a>, it&#8217;s a good idea not to.</p>
+ </div>
Step 3: Creating The Database
+<span id="tutorial-dbinit"></span><h1>Step 3: Creating The Database<a class="headerlink" href="#step-3-creating-the-database" title="Permalink to this headline">¶</a></h1>
Such a schema can be created by piping the `schema.sql` file into the
`sqlite3` command as follows:
+precisely, an application powered by a relational database system. Such
+systems need a schema that tells them how to store that information. So
+before starting the server for the first time it&#8217;s important to create
+that schema.</p>
+<p>Such a schema can be created by piping the <cite>schema.sql</cite> file into the
+<cite>sqlite3</cite> command as follows:</p>
+<div class="highlight-python"><div class="highlight"><pre><span class="n">sqlite3</span> <span class="o">/</span><span class="n">tmp</span><span class="o">/</span><span class="n">flaskr</span><span class="o">.</span><span class="n">db</span> <span class="o">&lt;</span> <span class="n">schema</span><span class="o">.</span><span class="n">sql</span>
+<p>The downside of this is that it requires the sqlite3 command to be
+installed which is not necessarily the case on every system. Also one has
+to provide the path to the database there which leaves some place for
+errors. It&#8217;s a good idea to add a function that initializes the database
+for you to the application.</p>
+<p>If you want to do that, you first have to import the
+<a class="reference external" href="http://docs.python.org/dev/library/contextlib.html#contextlib.closing" title="(in Python v3.3)"><tt class="xref py py-func docutils literal"><span class="pre">contextlib.closing()</span></tt></a> function from the contextlib package. If you
+want to use Python 2.5 it&#8217;s also necessary to enable the <cite>with</cite> statement
+first (<cite>__future__</cite> imports must be the very first import):</p>
+<div class="highlight-python"><div class="highlight"><pre><span class="kn">from</span> <span class="nn">__future__</span> <span class="kn">import</span> <span class="n">with_statement</span>
+<span class="kn">from</span> <span class="nn">contextlib</span> <span class="kn">import</span> <span class="n">closing</span>
+<p>Next we can create a function called <cite>init_db</cite> that initializes the
+database. For this we can use the <cite>connect_db</cite> function we defined
+earlier. Just add that function below the <cite>connect_db</cite> function:</p>
+<div class="highlight-python"><div class="highlight"><pre><span class="k">def</span> <span class="nf">init_db</span><span class="p">():</span>
+ <span class="k">with</span> <span class="n">closing</span><span class="p">(</span><span class="n">connect_db</span><span class="p">())</span> <span class="k">as</span> <span class="n">db</span><span class="p">:</span>
+ <span class="k">with</span> <span class="n">app</span><span class="o">.</span><span class="n">open_resource</span><span class="p">(</span><span class="s">&#39;schema.sql&#39;</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span>
+ <span class="n">db</span><span class="o">.</span><span class="n">cursor</span><span class="p">()</span><span class="o">.</span><span class="n">executescript</span><span class="p">(</span><span class="n">f</span><span class="o">.</span><span class="n">read</span><span class="p">())</span>
+ <span class="n">db</span><span class="o">.</span><span class="n">commit</span><span class="p">()</span>
+<p>The <a class="reference external" href="http://docs.python.org/dev/library/contextlib.html#contextlib.closing" title="(in Python v3.3)"><tt class="xref py py-func docutils literal"><span class="pre">closing()</span></tt></a> helper function allows us to keep a
+connection open for the duration of the <cite>with</cite> block. The
+<a class="reference internal" href="../api.html#flask.Flask.open_resource" title="flask.Flask.open_resource"><tt class="xref py py-func docutils literal"><span class="pre">open_resource()</span></tt></a> method of the application object
+supports that functionality out of the box, so it can be used in the
+<cite>with</cite> block directly. This function opens a file from the resource
+location (your <cite>flaskr</cite> folder) and allows you to read from it. We are
+using this here to execute a script on the database connection.</p>
+<p>When we connect to a database we get a connection object (here called
+<cite>db</cite>) that can give us a cursor. On that cursor there is a method to
+execute a complete script. Finally we only have to commit the changes.
+SQLite 3 and other transactional databases will not commit unless you
+explicitly tell it to.</p>
Now it is possible to create a database by starting up a Python shell and
importing and calling that function:
+importing and calling that function:</p>
+<div class="highlight-python"><div class="highlight"><pre><span class="gp">&gt;&gt;&gt; </span><span class="kn">from</span> <span class="nn">flaskr</span> <span class="kn">import</span> <span class="n">init_db</span>
+<span class="gp">&gt;&gt;&gt; </span><span class="n">init_db</span><span class="p">()</span>
Troubleshooting
+<p class="first admonition-title">Troubleshooting</p>
+<p class="last">If you get an exception later that a table cannot be found check that
+you did call the <cite>init_db</cite> function and that your table names are
+correct (singular vs. plural for example).</p>
Continue with Step 4: Request Database Connections
Step 0: Creating The Folders
Before we get started, let's create the folders needed for this
application:
+<p>Before we get started, let&#8217;s create the folders needed for this
+<div class="highlight-python"><pre>/flaskr
+ /static
+ /templates</pre>
+<p>The <cite>flaskr</cite> folder is not a python package, but just something where we
+drop our files. Directly into this folder we will then put our database
+schema as well as main module in the following steps. The files inside
+the <cite>static</cite> folder are available to users of the application via <cite>HTTP</cite>.
+This is the place where css and javascript files go. Inside the
+<cite>templates</cite> folder Flask will look for <a class="reference external" href="http://jinja.pocoo.org/2/">Jinja2</a> templates. The
+templates you create later in the tutorial will go in this directory.</p>
Continue with Step 1: Database Schema.
Tutorial
+<span id="id1"></span><h1>Tutorial<a class="headerlink" href="#tutorial" title="Permalink to this headline">¶</a></h1>
If you want the full sourcecode in advance or for comparison, check out
the example source.
+the chance to learn that by example. In this tutorial we will create a
+simple microblog application. It only supports one user that can create
+text-only entries and there are no feeds or comments, but it still
+features everything you need to get started. We will use Flask and SQLite
+as database which comes out of the box with Python, so there is nothing
+else you need.</p>
+<p>If you want the full sourcecode in advance or for comparison, check out
+the <a class="reference external" href="http://github.com/mitsuhiko/flask/tree/master/examples/flaskr/">example source</a>.</p>
+<div class="toctree-wrapper compound">
+<li class="toctree-l1"><a class="reference internal" href="introduction.html">Introducing Flaskr</a></li>
+<li class="toctree-l1"><a class="reference internal" href="folders.html">Step 0: Creating The Folders</a></li>
+<li class="toctree-l1"><a class="reference internal" href="schema.html">Step 1: Database Schema</a></li>
+<li class="toctree-l1"><a class="reference internal" href="setup.html">Step 2: Application Setup Code</a></li>
+<li class="toctree-l1"><a class="reference internal" href="dbinit.html">Step 3: Creating The Database</a></li>
+<li class="toctree-l1"><a class="reference internal" href="dbcon.html">Step 4: Request Database Connections</a></li>
+<li class="toctree-l1"><a class="reference internal" href="views.html">Step 5: The View Functions</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="views.html#show-entries">Show Entries</a></li>
+<li class="toctree-l2"><a class="reference internal" href="views.html#add-new-entry">Add New Entry</a></li>
+<li class="toctree-l2"><a class="reference internal" href="views.html#login-and-logout">Login and Logout</a></li>
+<li class="toctree-l1"><a class="reference internal" href="templates.html">Step 6: The Templates</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="templates.html#layout-html">layout.html</a></li>
+<li class="toctree-l2"><a class="reference internal" href="templates.html#show-entries-html">show_entries.html</a></li>
+<li class="toctree-l2"><a class="reference internal" href="templates.html#login-html">login.html</a></li>
+<li class="toctree-l1"><a class="reference internal" href="css.html">Step 7: Adding Style</a></li>
+<li class="toctree-l1"><a class="reference internal" href="testing.html">Bonus: Testing the Application</a></li>
Introducing Flaskr
We will call our blogging application flaskr here, feel free to chose a
less web-2.0-ish name ;) Basically we want it to do the following things:
+<p>We will call our blogging application flaskr here, feel free to chose a
+less web-2.0-ish name ;) Basically we want it to do the following things:</p>
+<ol class="arabic simple">
+<li>let the user sign in and out with credentials specified in the
+configuration. Only one user is supported.</li>
+<li>when the user is logged in they can add new entries to the page
+consisting of a text-only title and some HTML for the text. This HTML
+is not sanitized because we trust the user here.</li>
+<li>the page shows all entries so far in reverse order (newest on top) and
+the user can add new ones from there if logged in.</li>
+<p>We will be using SQLite3 directly for that application because it&#8217;s good
+enough for an application of that size. For larger applications however
+it makes a lot of sense to use <a class="reference external" href="http://www.sqlalchemy.org/">SQLAlchemy</a> that handles database
+connections in a more intelligent way, allows you to target different
+relational databases at once and more. You might also want to consider
+one of the popular NoSQL databases if your data is more suited for those.</p>
Here a screenshot from the final application:
+<img alt="screenshot of the final application" class="screenshot align-center" src="../_images/flaskr.png" />
Continue with Step 0: Creating The Folders.
Step 1: Database Schema
+<span id="tutorial-schema"></span><h1>Step 1: Database Schema<a class="headerlink" href="#step-1-database-schema" title="Permalink to this headline">¶</a></h1>
+<p>First we want to create the database schema. For this application only a
+single table is needed and we only want to support SQLite so that is quite
+easy. Just put the following contents into a file named <cite>schema.sql</cite> in
+the just created <cite>flaskr</cite> folder:</p>
+<div class="highlight-sql"><div class="highlight"><pre><span class="k">drop</span> <span class="k">table</span> <span class="n">if</span> <span class="k">exists</span> <span class="n">entries</span><span class="p">;</span>
+<span class="k">create</span> <span class="k">table</span> <span class="n">entries</span> <span class="p">(</span>
+ <span class="n">id</span> <span class="nb">integer</span> <span class="k">primary</span> <span class="k">key</span> <span class="n">autoincrement</span><span class="p">,</span>
+ <span class="n">title</span> <span class="n">string</span> <span class="k">not</span> <span class="k">null</span><span class="p">,</span>
+ <span class="nb">text</span> <span class="n">string</span> <span class="k">not</span> <span class="k">null</span>
+<span class="p">);</span>
+<p>This schema consists of a single table called <cite>entries</cite> and each row in
+this table has an <cite>id</cite>, a <cite>title</cite> and a <cite>text</cite>. The <cite>id</cite> is an
+automatically incrementing integer and a primary key, the other two are
+strings that must not be null.</p>
Continue with Step 2: Application Setup Code.
Step 2: Application Setup Code
+<span id="tutorial-setup"></span><h1>Step 2: Application Setup Code<a class="headerlink" href="#step-2-application-setup-code" title="Permalink to this headline">¶</a></h1>
+<p>Now that we have the schema in place we can create the application module.
+Let&#8217;s call it <cite>flaskr.py</cite> inside the <cite>flaskr</cite> folder. For starters we
+will add the imports we will need as well as the config section. For
+small applications it&#8217;s a possibility to drop the configuration directly
+into the module which we will be doing here. However a cleaner solution
+would be to create a separate <cite>.ini</cite> or <cite>.py</cite> file and load that or import
+the values from there.</p>
+<div class="highlight-python"><div class="highlight"><pre><span class="c"># all the imports</span>
+<span class="kn">import</span> <span class="nn">sqlite3</span>
+<span class="kn">from</span> <span class="nn">flask</span> <span class="kn">import</span> <span class="n">Flask</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="n">session</span><span class="p">,</span> <span class="n">g</span><span class="p">,</span> <span class="n">redirect</span><span class="p">,</span> <span class="n">url_for</span><span class="p">,</span> \
+ <span class="n">abort</span><span class="p">,</span> <span class="n">render_template</span><span class="p">,</span> <span class="n">flash</span>
+<span class="c"># configuration</span>
+<span class="n">DATABASE</span> <span class="o">=</span> <span class="s">&#39;/tmp/flaskr.db&#39;</span>
+<span class="n">DEBUG</span> <span class="o">=</span> <span class="bp">True</span>
+<span class="n">SECRET_KEY</span> <span class="o">=</span> <span class="s">&#39;development key&#39;</span>
+<span class="n">USERNAME</span> <span class="o">=</span> <span class="s">&#39;admin&#39;</span>
+<span class="n">PASSWORD</span> <span class="o">=</span> <span class="s">&#39;default&#39;</span>
Next we can create our actual application and initialize it with the
config from the same file:
+config from the same file:</p>
+<div class="highlight-python"><div class="highlight"><pre><span class="c"># create our little application :)</span>
+<span class="n">app</span> <span class="o">=</span> <span class="n">Flask</span><span class="p">(</span><span class="n">__name__</span><span class="p">)</span>
+<span class="n">app</span><span class="o">.</span><span class="n">config</span><span class="o">.</span><span class="n">from_object</span><span class="p">(</span><span class="n">__name__</span><span class="p">)</span>
from_object() will look at the given object (if it's a
string it will import it) and then look for all uppercase variables
defined there. In our case, the configuration we just wrote a few lines
of code above. You can also move that into a separate file.
+string it will import it) and then look for all uppercase variables
+defined there. In our case, the configuration we just wrote a few lines
+of code above. You can also move that into a separate file.</p>
+<p>It is also a good idea to be able to load a configuration from a
+configurable file. This is what <a class="reference internal" href="../api.html#flask.Config.from_envvar" title="flask.Config.from_envvar"><tt class="xref py py-meth docutils literal"><span class="pre">from_envvar()</span></tt></a> can
+<div class="highlight-python"><div class="highlight"><pre><span class="n">app</span><span class="o">.</span><span class="n">config</span><span class="o">.</span><span class="n">from_envvar</span><span class="p">(</span><span class="s">&#39;FLASKR_SETTINGS&#39;</span><span class="p">,</span> <span class="n">silent</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span>
+<p>That way someone can set an environment variable called
+<span class="target" id="index-0"></span><tt class="xref std std-envvar docutils literal"><span class="pre">FLASKR_SETTINGS</span></tt> to specify a config file to be loaded which will
+then override the default values. The silent switch just tells Flask to
+not complain if no such environment key is set.</p>
+<p>The <cite>secret_key</cite> is needed to keep the client-side sessions secure.
+Choose that key wisely and as hard to guess and complex as possible. The
+debug flag enables or disables the interactive debugger. Never leave
+debug mode activated in a production system because it will allow users to
+execute code on the server!</p>
+<p>We also add a method to easily connect to the database specified. That
+can be used to open a connection on request and also from the interactive
+Python shell or a script. This will come in handy later.</p>
+<div class="highlight-python"><div class="highlight"><pre><span class="k">def</span> <span class="nf">connect_db</span><span class="p">():</span>
+ <span class="k">return</span> <span class="n">sqlite3</span><span class="o">.</span><span class="n">connect</span><span class="p">(</span><span class="n">app</span><span class="o">.</span><span class="n">config</span><span class="p">[</span><span class="s">&#39;DATABASE&#39;</span><span class="p">])</span>
+<p>Finally we just add a line to the bottom of the file that fires up the
+server if we want to run that file as a standalone application:</p>
+<div class="highlight-python"><div class="highlight"><pre><span class="k">if</span> <span class="n">__name__</span> <span class="o">==</span> <span class="s">&#39;__main__&#39;</span><span class="p">:</span>
+ <span class="n">app</span><span class="o">.</span><span class="n">run</span><span class="p">()</span>
+<p>With that out of the way you should be able to start up the application
+without problems. Do this with the following command:</p>
+<div class="highlight-python"><pre>python flaskr.py</pre>
You will see a message telling you that server has started along with
the address at which you can access it.
+the address at which you can access it.</p>
+<p>When you head over to the server in your browser you will get an 404
+page not found error because we don&#8217;t have any views yet. But we will
+focus on that a little later. First we should get the database working.</p>
Externally Visible Server
+<p class="first admonition-title">Externally Visible Server</p>
+<p class="last">Want your server to be publicly available? Check out the
+<a class="reference internal" href="../quickstart.html#public-server"><em>externally visible server</em></a> section for more
Continue with Step 3: Creating The Database.
Step 6: The Templates
+<span id="tutorial-templates"></span><h1>Step 6: The Templates<a class="headerlink" href="#step-6-the-templates" title="Permalink to this headline">¶</a></h1>
+<p>Now we should start working on the templates. If we request the URLs now
+we would only get an exception that Flask cannot find the templates. The
+templates are using <a class="reference external" href="http://jinja.pocoo.org/2/documentation/templates">Jinja2</a> syntax and have autoescaping enabled by
+default. This means that unless you mark a value in the code with
+<a class="reference internal" href="../api.html#flask.Markup" title="flask.Markup"><tt class="xref py py-class docutils literal"><span class="pre">Markup</span></tt></a> or with the <tt class="docutils literal"><span class="pre">|safe</span></tt> filter in the template,
+Jinja2 will ensure that special characters such as <tt class="docutils literal"><span class="pre">&lt;</span></tt> or <tt class="docutils literal"><span class="pre">&gt;</span></tt> are
+escaped with their XML equivalents.</p>
We are also using template inheritance which makes it possible to reuse
the layout of the website in all pages.
+the layout of the website in all pages.</p>
Put the following templates into the `templates` folder:
layout.html
+<h2>layout.html<a class="headerlink" href="#layout-html" title="Permalink to this headline">¶</a></h2>
+<p>This template contains the HTML skeleton, the header and a link to log in
+(or log out if the user was already logged in). It also displays the
+flashed messages if there are any. The <tt class="docutils literal"><span class="pre">{%</span> <span class="pre">block</span> <span class="pre">body</span> <span class="pre">%}</span></tt> block can be
+replaced by a block of the same name (<tt class="docutils literal"><span class="pre">body</span></tt>) in a child template.</p>
The session dict is available in the template as well and
you can use that to check if the user is logged in or not. Note that in
Jinja you can access missing attributes and items of objects / dicts which
makes the following code work, even if there is no `'logged_in'` key in
the session:
+you can use that to check if the user is logged in or not. Note that in
+Jinja you can access missing attributes and items of objects / dicts which
+makes the following code work, even if there is no <tt class="docutils literal"><span class="pre">'logged_in'</span></tt> key in
+the session:</p>
+<div class="highlight-html+jinja"><div class="highlight"><pre><span class="cp">&lt;!doctype html&gt;</span>
+<span class="nt">&lt;title&gt;</span>Flaskr<span class="nt">&lt;/title&gt;</span>
+<span class="nt">&lt;link</span> <span class="na">rel=</span><span class="s">stylesheet</span> <span class="na">type=</span><span class="s">text/css</span> <span class="na">href=</span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">url_for</span><span class="o">(</span><span class="s1">&#39;static&#39;</span><span class="o">,</span> <span class="nv">filename</span><span class="o">=</span><span class="s1">&#39;style.css&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="nt">&gt;</span>
+<span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">page</span><span class="nt">&gt;</span>
+ <span class="nt">&lt;h1&gt;</span>Flaskr<span class="nt">&lt;/h1&gt;</span>
+ <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">metanav</span><span class="nt">&gt;</span>
+ <span class="cp">{%</span> <span class="k">if</span> <span class="k">not</span> <span class="nv">session.logged_in</span> <span class="cp">%}</span>
+ <span class="nt">&lt;a</span> <span class="na">href=</span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">url_for</span><span class="o">(</span><span class="s1">&#39;login&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="nt">&gt;</span>log in<span class="nt">&lt;/a&gt;</span>
+ <span class="cp">{%</span> <span class="k">else</span> <span class="cp">%}</span>
+ <span class="nt">&lt;a</span> <span class="na">href=</span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">url_for</span><span class="o">(</span><span class="s1">&#39;logout&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span><span class="nt">&gt;</span>log out<span class="nt">&lt;/a&gt;</span>
+ <span class="cp">{%</span> <span class="k">endif</span> <span class="cp">%}</span>
+ <span class="nt">&lt;/div&gt;</span>
+ <span class="cp">{%</span> <span class="k">for</span> <span class="nv">message</span> <span class="k">in</span> <span class="nv">get_flashed_messages</span><span class="o">()</span> <span class="cp">%}</span>
+ <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">flash</span><span class="nt">&gt;</span><span class="cp">{{</span> <span class="nv">message</span> <span class="cp">}}</span><span class="nt">&lt;/div&gt;</span>
+ <span class="cp">{%</span> <span class="k">endfor</span> <span class="cp">%}</span>
+ <span class="cp">{%</span> <span class="k">block</span> <span class="nv">body</span> <span class="cp">%}{%</span> <span class="k">endblock</span> <span class="cp">%}</span>
+<span class="nt">&lt;/div&gt;</span>
show_entries.html
+<h2>show_entries.html<a class="headerlink" href="#show-entries-html" title="Permalink to this headline">¶</a></h2>
+<p>This template extends the <cite>layout.html</cite> template from above to display the
+messages. Note that the <cite>for</cite> loop iterates over the messages we passed
+in with the <a class="reference internal" href="../api.html#flask.render_template" title="flask.render_template"><tt class="xref py py-func docutils literal"><span class="pre">render_template()</span></tt></a> function. We also tell the
+form to submit to your <cite>add_entry</cite> function and use <cite>POST</cite> as <cite>HTTP</cite>
+<div class="highlight-html+jinja"><div class="highlight"><pre><span class="cp">{%</span> <span class="k">extends</span> <span class="s2">&quot;layout.html&quot;</span> <span class="cp">%}</span>
+<span class="cp">{%</span> <span class="k">block</span> <span class="nv">body</span> <span class="cp">%}</span>
+ <span class="cp">{%</span> <span class="k">if</span> <span class="nv">session.logged_in</span> <span class="cp">%}</span>
+ <span class="nt">&lt;form</span> <span class="na">action=</span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">url_for</span><span class="o">(</span><span class="s1">&#39;add_entry&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span> <span class="na">method=</span><span class="s">post</span> <span class="na">class=</span><span class="s">add-entry</span><span class="nt">&gt;</span>
+ <span class="nt">&lt;dl&gt;</span>
+ <span class="nt">&lt;dt&gt;</span>Title:
+ <span class="nt">&lt;dd&gt;&lt;input</span> <span class="na">type=</span><span class="s">text</span> <span class="na">size=</span><span class="s">30</span> <span class="na">name=</span><span class="s">title</span><span class="nt">&gt;</span>
+ <span class="nt">&lt;dt&gt;</span>Text:
+ <span class="nt">&lt;dd&gt;&lt;textarea</span> <span class="na">name=</span><span class="s">text</span> <span class="na">rows=</span><span class="s">5</span> <span class="na">cols=</span><span class="s">40</span><span class="nt">&gt;&lt;/textarea&gt;</span>
+ <span class="nt">&lt;dd&gt;&lt;input</span> <span class="na">type=</span><span class="s">submit</span> <span class="na">value=</span><span class="s">Share</span><span class="nt">&gt;</span>
+ <span class="nt">&lt;/dl&gt;</span>
+ <span class="nt">&lt;/form&gt;</span>
+ <span class="cp">{%</span> <span class="k">endif</span> <span class="cp">%}</span>
+ <span class="nt">&lt;ul</span> <span class="na">class=</span><span class="s">entries</span><span class="nt">&gt;</span>
+ <span class="cp">{%</span> <span class="k">for</span> <span class="nv">entry</span> <span class="k">in</span> <span class="nv">entries</span> <span class="cp">%}</span>
+ <span class="nt">&lt;li&gt;&lt;h2&gt;</span><span class="cp">{{</span> <span class="nv">entry.title</span> <span class="cp">}}</span><span class="nt">&lt;/h2&gt;</span><span class="cp">{{</span> <span class="nv">entry.text</span><span class="o">|</span><span class="nf">safe</span> <span class="cp">}}</span>
+ <span class="cp">{%</span> <span class="k">else</span> <span class="cp">%}</span>
+ <span class="nt">&lt;li&gt;&lt;em&gt;</span>Unbelievable. No entries here so far<span class="nt">&lt;/em&gt;</span>
+ <span class="cp">{%</span> <span class="k">endfor</span> <span class="cp">%}</span>
+ <span class="nt">&lt;/ul&gt;</span>
+<span class="cp">{%</span> <span class="k">endblock</span> <span class="cp">%}</span>
login.html
Finally the login template which basically just displays a form to allow
the user to login:
+<p>Finally the login template which basically just displays a form to allow
+the user to login:</p>
+<div class="highlight-html+jinja"><div class="highlight"><pre><span class="cp">{%</span> <span class="k">extends</span> <span class="s2">&quot;layout.html&quot;</span> <span class="cp">%}</span>
+<span class="cp">{%</span> <span class="k">block</span> <span class="nv">body</span> <span class="cp">%}</span>
+ <span class="nt">&lt;h2&gt;</span>Login<span class="nt">&lt;/h2&gt;</span>
+ <span class="cp">{%</span> <span class="k">if</span> <span class="nv">error</span> <span class="cp">%}</span><span class="nt">&lt;p</span> <span class="na">class=</span><span class="s">error</span><span class="nt">&gt;&lt;strong&gt;</span>Error:<span class="nt">&lt;/strong&gt;</span> <span class="cp">{{</span> <span class="nv">error</span> <span class="cp">}}{%</span> <span class="k">endif</span> <span class="cp">%}</span>
+ <span class="nt">&lt;form</span> <span class="na">action=</span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">url_for</span><span class="o">(</span><span class="s1">&#39;login&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="s">&quot;</span> <span class="na">method=</span><span class="s">post</span><span class="nt">&gt;</span>
+ <span class="nt">&lt;dl&gt;</span>
+ <span class="nt">&lt;dt&gt;</span>Username:
+ <span class="nt">&lt;dd&gt;&lt;input</span> <span class="na">type=</span><span class="s">text</span> <span class="na">name=</span><span class="s">username</span><span class="nt">&gt;</span>
+ <span class="nt">&lt;dt&gt;</span>Password:
+ <span class="nt">&lt;dd&gt;&lt;input</span> <span class="na">type=</span><span class="s">password</span> <span class="na">name=</span><span class="s">password</span><span class="nt">&gt;</span>
+ <span class="nt">&lt;dd&gt;&lt;input</span> <span class="na">type=</span><span class="s">submit</span> <span class="na">value=</span><span class="s">Login</span><span class="nt">&gt;</span>
+ <span class="nt">&lt;/dl&gt;</span>
+ <span class="nt">&lt;/form&gt;</span>
+<span class="cp">{%</span> <span class="k">endblock</span> <span class="cp">%}</span>
Continue with Step 7: Adding Style.
Bonus: Testing the Application
+<span id="tutorial-testing"></span><h1>Bonus: Testing the Application<a class="headerlink" href="#bonus-testing-the-application" title="Permalink to this headline">¶</a></h1>
+<p>Now that you have finished the application and everything works as
+expected, it&#8217;s probably not a bad idea to add automated tests to simplify
+modifications in the future. The application above is used as a basic
+example of how to perform unittesting in the <a class="reference internal" href="../testing.html#testing"><em>Testing Flask Applications</em></a> section of the
+documentation. Go there to see how easy it is to test Flask applications.</p>
Step 5: The View Functions
Now that the database connections are working we can start writing the
view functions. We will need four of them:
+<p>Now that the database connections are working we can start writing the
+view functions. We will need four of them:</p>
Show Entries
+<h2>Show Entries<a class="headerlink" href="#show-entries" title="Permalink to this headline">¶</a></h2>
+<p>This view shows all the entries stored in the database. It listens on the
+root of the application and will select title and text from the database.
+The one with the highest id (the newest entry) will be on top. The rows
+returned from the cursor are tuples with the columns ordered like specified
+in the select statement. This is good enough for small applications like
+here, but you might want to convert them into a dict. If you are
+interested in how to do that, check out the <a class="reference internal" href="../patterns/sqlite3.html#easy-querying"><em>Easy Querying</em></a> example.</p>
+<p>The view function will pass the entries as dicts to the
+<cite>show_entries.html</cite> template and return the rendered one:</p>
+<div class="highlight-python"><div class="highlight"><pre><span class="nd">@app.route</span><span class="p">(</span><span class="s">&#39;/&#39;</span><span class="p">)</span>
+<span class="k">def</span> <span class="nf">show_entries</span><span class="p">():</span>
+ <span class="n">cur</span> <span class="o">=</span> <span class="n">g</span><span class="o">.</span><span class="n">db</span><span class="o">.</span><span class="n">execute</span><span class="p">(</span><span class="s">&#39;select title, text from entries order by id desc&#39;</span><span class="p">)</span>
+ <span class="n">entries</span> <span class="o">=</span> <span class="p">[</span><span class="nb">dict</span><span class="p">(</span><span class="n">title</span><span class="o">=</span><span class="n">row</span><span class="p">[</span><span class="mi">0</span><span class="p">],</span> <span class="n">text</span><span class="o">=</span><span class="n">row</span><span class="p">[</span><span class="mi">1</span><span class="p">])</span> <span class="k">for</span> <span class="n">row</span> <span class="ow">in</span> <span class="n">cur</span><span class="o">.</span><span class="n">fetchall</span><span class="p">()]</span>
+ <span class="k">return</span> <span class="n">render_template</span><span class="p">(</span><span class="s">&#39;show_entries.html&#39;</span><span class="p">,</span> <span class="n">entries</span><span class="o">=</span><span class="n">entries</span><span class="p">)</span>
+<div class="section" id="add-new-entry">
+<h2>Add New Entry<a class="headerlink" href="#add-new-entry" title="Permalink to this headline">¶</a></h2>
+<p>This view lets the user add new entries if they are logged in. This only
+responds to <cite>POST</cite> requests, the actual form is shown on the
+<cite>show_entries</cite> page. If everything worked out well we will
+<a class="reference internal" href="../api.html#flask.flash" title="flask.flash"><tt class="xref py py-func docutils literal"><span class="pre">flash()</span></tt></a> an information message to the next request and
+redirect back to the <cite>show_entries</cite> page:</p>
+<div class="highlight-python"><div class="highlight"><pre><span class="nd">@app.route</span><span class="p">(</span><span class="s">&#39;/add&#39;</span><span class="p">,</span> <span class="n">methods</span><span class="o">=</span><span class="p">[</span><span class="s">&#39;POST&#39;</span><span class="p">])</span>
+<span class="k">def</span> <span class="nf">add_entry</span><span class="p">():</span>
+ <span class="k">if</span> <span class="ow">not</span> <span class="n">session</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s">&#39;logged_in&#39;</span><span class="p">):</span>
+ <span class="n">abort</span><span class="p">(</span><span class="mi">401</span><span class="p">)</span>
+ <span class="n">g</span><span class="o">.</span><span class="n">db</span><span class="o">.</span><span class="n">execute</span><span class="p">(</span><span class="s">&#39;insert into entries (title, text) values (?, ?)&#39;</span><span class="p">,</span>
+ <span class="p">[</span><span class="n">request</span><span class="o">.</span><span class="n">form</span><span class="p">[</span><span class="s">&#39;title&#39;</span><span class="p">],</span> <span class="n">request</span><span class="o">.</span><span class="n">form</span><span class="p">[</span><span class="s">&#39;text&#39;</span><span class="p">]])</span>
+ <span class="n">g</span><span class="o">.</span><span class="n">db</span><span class="o">.</span><span class="n">commit</span><span class="p">()</span>
+ <span class="n">flash</span><span class="p">(</span><span class="s">&#39;New entry was successfully posted&#39;</span><span class="p">)</span>
+ <span class="k">return</span> <span class="n">redirect</span><span class="p">(</span><span class="n">url_for</span><span class="p">(</span><span class="s">&#39;show_entries&#39;</span><span class="p">))</span>
+<p>Note that we check that the user is logged in here (the <cite>logged_in</cite> key is
+present in the session and <cite>True</cite>).</p>
+<div class="admonition-security-note admonition ">
+<p class="first admonition-title">Security Note</p>
+<p class="last">Be sure to use question marks when building SQL statements, as done in the
+example above. Otherwise, your app will be vulnerable to SQL injection when
+you use string formatting to build SQL statements.
+See <a class="reference internal" href="../patterns/sqlite3.html#sqlite3"><em>Using SQLite 3 with Flask</em></a> for more.</p>
+<div class="section" id="login-and-logout">
+<h2>Login and Logout<a class="headerlink" href="#login-and-logout" title="Permalink to this headline">¶</a></h2>
+<p>These functions are used to sign the user in and out. Login checks the
+username and password against the ones from the configuration and sets the
+<cite>logged_in</cite> key in the session. If the user logged in successfully, that
+key is set to <cite>True</cite>, and the user is redirected back to the <cite>show_entries</cite>
+page. In addition, a message is flashed that informs the user that he or
+she was logged in successfully. If an error occurred, the template is
+notified about that, and the user is asked again:</p>
+<div class="highlight-python"><div class="highlight"><pre><span class="nd">@app.route</span><span class="p">(</span><span class="s">&#39;/login&#39;</span><span class="p">,</span> <span class="n">methods</span><span class="o">=</span><span class="p">[</span><span class="s">&#39;GET&#39;</span><span class="p">,</span> <span class="s">&#39;POST&#39;</span><span class="p">])</span>
+<span class="k">def</span> <span class="nf">login</span><span class="p">():</span>
+ <span class="n">error</span> <span class="o">=</span> <span class="bp">None</span>
+ <span class="k">if</span> <span class="n">request</span><span class="o">.</span><span class="n">method</span> <span class="o">==</span> <span class="s">&#39;POST&#39;</span><span class="p">:</span>
+ <span class="k">if</span> <span class="n">request</span><span class="o">.</span><span class="n">form</span><span class="p">[</span><span class="s">&#39;username&#39;</span><span class="p">]</span> <span class="o">!=</span> <span class="n">app</span><span class="o">.</span><span class="n">config</span><span class="p">[</span><span class="s">&#39;USERNAME&#39;</span><span class="p">]:</span>
+ <span class="n">error</span> <span class="o">=</span> <span class="s">&#39;Invalid username&#39;</span>
+ <span class="k">elif</span> <span class="n">request</span><span class="o">.</span><span class="n">form</span><span class="p">[</span><span class="s">&#39;password&#39;</span><span class="p">]</span> <span class="o">!=</span> <span class="n">app</span><span class="o">.</span><span class="n">config</span><span class="p">[</span><span class="s">&#39;PASSWORD&#39;</span><span class="p">]:</span>
+ <span class="n">error</span> <span class="o">=</span> <span class="s">&#39;Invalid password&#39;</span>
+ <span class="k">else</span><span class="p">:</span>
+ <span class="n">session</span><span class="p">[</span><span class="s">&#39;logged_in&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="bp">True</span>
+ <span class="n">flash</span><span class="p">(</span><span class="s">&#39;You were logged in&#39;</span><span class="p">)</span>
+ <span class="k">return</span> <span class="n">redirect</span><span class="p">(</span><span class="n">url_for</span><span class="p">(</span><span class="s">&#39;show_entries&#39;</span><span class="p">))</span>
+ <span class="k">return</span> <span class="n">render_template</span><span class="p">(</span><span class="s">&#39;login.html&#39;</span><span class="p">,</span> <span class="n">error</span><span class="o">=</span><span class="n">error</span><span class="p">)</span>
+<p>The logout function, on the other hand, removes that key from the session
+again. We use a neat trick here: if you use the <a class="reference external" href="http://docs.python.org/dev/library/stdtypes.html#dict.pop" title="(in Python v3.3)"><tt class="xref py py-meth docutils literal"><span class="pre">pop()</span></tt></a> method
+of the dict and pass a second parameter to it (the default), the method
+will delete the key from the dictionary if present or do nothing when that
+key is not in there. This is helpful because now we don&#8217;t have to check
+if the user was logged in.</p>
+<div class="highlight-python"><div class="highlight"><pre><span class="nd">@app.route</span><span class="p">(</span><span class="s">&#39;/logout&#39;</span><span class="p">)</span>
+<span class="k">def</span> <span class="nf">logout</span><span class="p">():</span>
+ <span class="n">session</span><span class="o">.</span><span class="n">pop</span><span class="p">(</span><span class="s">&#39;logged_in&#39;</span><span class="p">,</span> <span class="bp">None</span><span class="p">)</span>
+ <span class="n">flash</span><span class="p">(</span><span class="s">&#39;You were logged out&#39;</span><span class="p">)</span>
+ <span class="k">return</span> <span class="n">redirect</span><span class="p">(</span><span class="n">url_for</span><span class="p">(</span><span class="s">&#39;show_entries&#39;</span><span class="p">))</span>
+<p>Continue with <a class="reference internal" href="templates.html#tutorial-templates"><em>Step 6: The Templates</em></a>.</p>
