Form Validation

Validation ensures that user input is correct before processing it. You can validate on the client side (JavaScript) and on the server side (Flask). Server‑side validation is mandatory because client‑side can be bypassed.

Basic Validation with Raw Flask

@app.route('/register', methods=['GET', 'POST'])
def register():
    if request.method == 'POST':
        name = request.form.get('name')
        email = request.form.get('email')
        errors = {}
        if not name:
            errors['name'] = 'Name is required.'
        if not email or '@' not in email:
            errors['email'] = 'Valid email is required.'
        if errors:
            return render_template('register.html', errors=errors)
        # process valid data
        return 'Success!'
    return render_template('register.html')

Using Flask‑WTF Validators

Flask‑WTF provides many built‑in validators.

from wtforms.validators import DataRequired, Email, Length

class RegisterForm(FlaskForm):
    name = StringField('Name', validators=[DataRequired(), Length(min=2, max=20)])
    email = StringField('Email', validators=[DataRequired(), Email()])
    submit = SubmitField('Register')

In the route:

form = RegisterForm()
if form.validate_on_submit():
    # all validations passed
    return 'Valid!'
return render_template('register.html', form=form)

Displaying Errors in Templates

With Flask‑WTF, errors are automatically available.

{{ form.name.label }} {{ form.name() }}
{% for error in form.name.errors %}
    {{ error }}
{% endfor %}

Two Minute Drill

Always validate on the server side.
Use `request.form.get()` with raw Flask to handle missing keys.
Flask‑WTF provides validators like `DataRequired` `Email` `Length`.
`form.validate_on_submit()` checks both CSRF and validation.

Need more clarification?

Drop us an email at career@quipoinfotech.com

Welcome to Quipoin

Quipoin Menu

Form Validation

Need more clarification?