null=True
sets NULL
(versus NOT NULL
) on the column in your DB. Blank values for Django field types such as DateTimeField
or ForeignKey
will be stored as NULL
in the DB.
blank
determines whether the field will be required in forms. This includes the admin and your custom forms. If blank=True
then the field will not be required, whereas if it's False
the field cannot be blank.
The combo of the two is so frequent because typically if you're going to allow a field to be blank in your form, you're going to also need your database to allow NULL
values for that field. The exception is CharField
s and TextField
s, which in Django are never saved as NULL
. Blank values are stored in the DB as an empty string (''
).
A few examples:
models.DateTimeField(blank=True) # raises IntegrityError if blank
models.DateTimeField(null=True) # NULL allowed, but must be filled out in a form
Obviously, Those two options don't make logical sense to use (though there might be a use case for null=True, blank=False
if you want a field to always be required in forms, optional when dealing with an object through something like the shell.)
models.CharField(blank=True) # No problem, blank is stored as ''
models.CharField(null=True) # NULL allowed, but will never be set as NULL
CHAR
and TEXT
types are never saved as NULL
by Django, so null=True
is unnecessary. However, you can manually set one of these fields to None
to force set it as NULL
. If you have a scenario where that might be necessary, you should still include null=True
.
Django escapes by default. You can mark a string as safe
via a filter or tag to prevent the auto escaping behavior.
{{ my_text_with_html|safe }}
{% autoescape off %}
{{ my_test_with_html }}
{% endautoescape %}
If you accept user inputted html, you'll want to sanitize it so they can't write scripts and such.. for that, just search python html sanitizing and apply it before sending the data to the template.
Python HTML sanitizer / scrubber / filter
Best Answer
The
gtbfieldid
attribute is added dynamically by the Google Toolbar to the<input>
and<select>
tags that it thinks it can fill in for you.If you add the
autocomplete="off"
attribute to the<form>
tag that contains them, then the Google Toolbar will not add thesegtbfielid
attributes, and its autofill functionality will not be available when filling out that form.Both of these attributes are non-standard XHTML, so your form will fail validation but if this autofill behavior is causing problems for your visitors, then adding the
autocomplete="off"
attribute is the only workaround to stop the Google Toolbar from manipulating your form elements and offering to try to fill it in for the user.Here's how you'd set the autocomplete attribute (in django):