In this post I will answer a couple of questions.
- When to choose Django
- Why to choose Django
When to choose Django?
Django makes it easier to build better Web apps more quickly and with less code. It is the Web framework for perfectionists with deadlines. So if the development team is small and the web app needs to be completed quickly, Django is the best choice.
Django is good enough for most project needs, for example an e-commerce website, a blog app, or a music streaming app like Spotify. But if the application needs highly intensive data processing, like video streaming or gaming, then one can go for technologies like Node.js. Django can handle that too, but it's not too efficient. A Django application can be easily scaled, and if the stack contains Django and needs to be switched to another technology, that can be done easily at any time. So in short, Django is ideal for startups with a small development team.
Now let's see the advantages of using Django.
Why to choose Django?
With Django, you can take Web applications from concept to launch in a matter of hours. Django takes care of much of the hassle of Web development, so you can focus on writing your app without needing to reinvent the wheel. It’s free and open source.
There are a number of reasons to choose Django. Here are the top 5 reasons to use Django in your stack.
1. Ridiculously fast
Django was designed to help developers take applications from concept to completion as quickly as possible. If the project needs to be completed quickly and taken to market, then Django is the choice.
2. Highly scalable
Django can definitely be scaled. However small or large the application is, it can be scaled. For example, Instagram used Django at the beginning, and Instagram has scaled a lot since.
3. Highly secure
This is the most wanted feature for every developer: the application should be secure. Django protects against almost all of the security vulnerabilities that exist. See this checklist for more info. Here are some of the security features Django provides.
SQL injection protection
SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution. More here.
How does Django protect against SQL injection attacks?
Django’s querysets are protected from SQL injection since their queries are constructed using query parameterization. A query’s SQL code is defined separately from the query’s parameters. Since parameters may be user-provided and therefore unsafe, they are escaped by the underlying database driver. More here.
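The difference between splicing a value into the SQL text and passing it as a parameter can be seen at the driver level. This is an added example, not code from the original post or from Django: it uses Python's built-in sqlite3 driver, and the reporter table, its rows and both lookup functions are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE reporter (id INTEGER PRIMARY KEY, full_name TEXT)")
    db.executemany(
        "INSERT INTO reporter (full_name) VALUES (?)",
        [("Alice Smith",), ("Bob Jones",), ("Pat O'Brien",)],
    )
    return db

def find_unsafe(db, name):
    # Anti-pattern: the value is spliced into the SQL text, so a quote
    # inside `name` changes the structure of the statement.
    sql = "SELECT full_name FROM reporter WHERE full_name = '%s'" % name
    return [row[0] for row in db.execute(sql)]

def find_parameterized(db, name):
    # SQL text and value travel separately; the driver binds `name`
    # as data, so it is never parsed as SQL.
    sql = "SELECT full_name FROM reporter WHERE full_name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

# Constructed inputs: one hostile, one that merely contains an apostrophe.
HOSTILE = "nobody' OR '1'='1"
APOSTROPHE = "Pat O'Brien"

if __name__ == "__main__":
    db = make_db()
    print(find_unsafe(db, HOSTILE))            # filter bypassed, every row returned
    print(find_parameterized(db, HOSTILE))     # treated as a literal name, no match
    print(find_parameterized(db, APOSTROPHE))  # legitimate apostrophe still works
```

The same separation applies when raw SQL is used in Django: Manager.raw() and cursor.execute() both accept a params argument, and formatting user input into the SQL string instead gives up the protection.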
Cross site scripting (XSS) protection
XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. This is achieved by storing malicious scripts in the database, where they will be retrieved and displayed to other users. For example, in a blog app an attacker can post a blog entry containing malicious scripts, which are stored in the database; when other users open that post, these scripts get executed in the browser. More here.
How does Django protect from XSS?
Django templates protect against the majority of XSS attacks. Every template automatically escapes the output of every variable tag. These five characters are escaped:
- < is converted to
- > is converted to
- ' (single quote) is converted to
- " (double quote) is converted to
- & is converted to
Learn more about how Django protects from XSS here.
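What escaping every variable tag means for the stored blog post described above, and where the protection stops, as an added example that is not from the original post and is not Django's template engine. The render function and the SafeText class are hypothetical stand-ins, Python's html.escape stands in for the escaping step, and the post content is constructed.

```python
import html
import re

class SafeText(str):
    """Hypothetical stand-in for a string marked as trusted HTML."""

VARIABLE_TAG = re.compile(r"\{\{\s*(\w+)\s*\}\}")

def render(template, context, autoescape=True):
    """Fill {{ name }} tags, escaping every value unless it is SafeText."""
    def substitute(match):
        value = context.get(match.group(1), "")
        if autoescape and not isinstance(value, SafeText):
            # html.escape handles the five characters: & < > " '
            return html.escape(str(value), quote=True)
        return str(value)
    return VARIABLE_TAG.sub(substitute, template)

TEMPLATE = "<h2>{{ headline }}</h2><p>{{ content }}</p>"

# Constructed blog post as it might come back from the database.
STORED_POST = {
    "headline": "Tom & Jerry's \"best\" bits",
    "content": "<script>alert(1)</script>",
}

if __name__ == "__main__":
    # Escaped: the script tag arrives in the browser as inert text.
    print(render(TEMPLATE, STORED_POST))
    # Marked trusted: the same value is emitted verbatim and would run.
    trusted = dict(STORED_POST, content=SafeText(STORED_POST["content"]))
    print(render(TEMPLATE, trusted))
```

The second call is why the protection covers the majority of cases rather than all of them: any value exempted from escaping, as Django's safe filter and mark_safe() do, is only as trustworthy as its source.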
Cross site request forgery (CSRF) protection
CSRF attacks allow a malicious user to execute actions using the credentials of another user without that user’s knowledge or consent. More here.
How does Django protect from CSRF attacks?
The CSRF token is sent to the client side either as a cookie or embedded in the sent data, for example as the value of a hidden input tag.
CSRF protection works by checking for a secret in each POST request. This ensures that a malicious user cannot “replay” a form POST to your website and have another logged in user unwittingly submit that form. The malicious user would have to know the secret, which is user specific (using a cookie). More here.
Other security features Django provides
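A simplified model of the check described above, added here as an example; it is not Django's middleware, which does more than this comparison. The cookie name csrftoken and the form field csrfmiddlewaretoken are Django's defaults, while the function names and the form contents are constructed.

```python
import hmac
import secrets

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}

def issue_token(cookies):
    """Give the browser a secret cookie (once) and return it for the form."""
    cookies.setdefault("csrftoken", secrets.token_urlsafe(32))
    return cookies["csrftoken"]

def request_allowed(method, cookies, form):
    """Accept unsafe requests only if the form repeats the cookie's secret."""
    if method in SAFE_METHODS:
        return True
    expected = cookies.get("csrftoken", "")
    supplied = form.get("csrfmiddlewaretoken", "")
    if not expected or not supplied:
        return False
    # Constant-time comparison, on bytes so non-ASCII input cannot raise.
    return hmac.compare_digest(expected.encode(), supplied.encode())

def demo():
    browser_cookies = {}                  # the logged-in user's cookie jar
    token = issue_token(browser_cookies)  # embedded in the site's own form
    own_form = {"csrfmiddlewaretoken": token, "amount": "10"}
    # A page on another origin can make the browser send the cookie,
    # but cannot read it, so it has no value to put in the form.
    forged_form = {"amount": "10"}
    guessed_form = {"csrfmiddlewaretoken": "guess", "amount": "10"}
    return (
        request_allowed("POST", browser_cookies, own_form),
        request_allowed("POST", browser_cookies, forged_form),
        request_allowed("POST", browser_cookies, guessed_form),
    )

if __name__ == "__main__":
    print(demo())
```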
- Clickjacking protection
- Referrer policy
- Session security
- User uploaded content
- And other protections. More here.
4. Dozens of extras
Because Django is designed to make building web applications faster, it comes with dozens of extras to make common Web-development tasks fast and easy.
Object relational mapper
This helps to describe the database layout in Python code. For example, in models.py
The above code creates a database with 2 tables, one named article and the other named reporter. Reporter contains a full_name column. Article contains the following list of columns:
- pub_date - datefield
- headline - varchar
- Content - longtext
- reporter - foreign key to reporter
To create the database with the columns specified above, one just needs to run the following commands
py manage.py makemigrations
py manage.py migrate
The makemigrations command looks at all your available models and creates migrations for whichever tables don’t already exist in the migrations folder. migrate runs the migrations and creates tables in your database, as well as optionally providing much richer schema control.
Amazing admin interface
Once the models are registered in the admin.py file, Django can automatically create a professional, production-ready administrative interface. A superuser can perform CRUD operations using the built-in admin page.
Design your URLs
Every web application contains URLs to access resources or information, so designing URLs is a common task for a web developer. Django makes it easier to design beautiful URLs by creating a list of urlpatterns in the urls.py file. It contains a mapping between URL patterns and Python callback functions.
The views.py file contains Python functions that take a Web request and return a Web response. It's the place to write business logic.
Example of a view function for the above URLs
Django creates dynamic HTML using templates.
A template contains the static parts of the desired HTML output as well as some special syntax describing how dynamic content will be inserted.
5. Good documentation
Here are some places to get help from when you are stuck in Django
That's it for this post, guys. Hope you enjoyed it a lot and got some information. If you have any queries, be sure to put them in the comment section. If you like the post, click the like button. Follow me for more Django related stuff; in future I will create a Django course on platiplus, so stay tuned 🤠✌️.