HomeFlask in 5 DaysDay 3
Day 3 of 5
⏱ ~60 minutes
Flask in 5 Days — Day 3

Forms and Validation

Handle HTML forms with WTForms, validate input server-side, handle file uploads, and display flash messages.

WTForms Integration

Terminal
pip install flask-wtf
app.py
app.config['SECRET_KEY'] = 'your-secret-key'  # required for CSRF
forms.py
from flask_wtf import FlaskForm
from wtforms import StringField, TextAreaField, EmailField
from wtforms.validators import DataRequired, Email, Length

class ContactForm(FlaskForm):
    name = StringField('Name', validators=[DataRequired(), Length(min=2, max=50)])
    email = EmailField('Email', validators=[DataRequired(), Email()])
    message = TextAreaField('Message', validators=[DataRequired(), Length(min=10)])
views.py
from .forms import ContactForm
from flask import flash

@app.route('/contact', methods=['GET', 'POST'])
def contact():
    form = ContactForm()
    if form.validate_on_submit():
        # form is valid and it was a POST
        flash('Message sent!', 'success')
        return redirect(url_for('index'))
    return render_template('contact.html', form=form)
templates/contact.html

  {{ form.hidden_tag() }}  {# CSRF token #}
  

    {{ form.name.label }}
    {{ form.name(class='input') }}
    {% for error in form.name.errors %}
      {{ error }}
    {% endfor %}
  

  {{ form.message.label }}
  {{ form.message() }}
📝 Day 3 Exercise
Build a Contact Form
  1. C
  2. r
  3. e
  4. a
  5. t
  6. e
  8. a
  10. C
  11. o
  12. n
  13. t
  14. a
  15. c
  16. t
  17. F
  18. o
  19. r
  20. m
  22. w
  23. i
  24. t
  25. h
  27. W
  28. T
  29. F
  30. o
  31. r
  32. m
  33. s
  35. v
  36. a
  37. l
  38. i
  39. d
  40. a
  41. t
  42. o
  43. r
  44. s
  45. .
  47. D
  48. i
  49. s
  50. p
  51. l
  52. a
  53. y
  55. i
  56. n
  57. l
  58. i
  59. n
  60. e
  62. e
  63. r
  64. r
  65. o
  66. r
  67. s
  69. p
  70. e
  71. r
  73. f
  74. i
  75. e
  76. l
  77. d
  78. .
  80. S
  81. h
  82. o
  83. w
  85. a
  87. f
  88. l
  89. a
  90. s
  91. h
  93. m
  94. e
  95. s
  96. s
  97. a
  98. g
  99. e
  101. o
  102. n
  104. s
  105. u
  106. c
  107. c
  108. e
  109. s
  110. s
  111. .
  113. R
  114. e
  115. d
  116. i
  117. r
  118. e
  119. c
  120. t
  122. a
  123. f
  124. t
  125. e
  126. r
  128. P
  129. O
  130. S
  131. T
  133. t
  134. o
  136. p
  137. r
  138. e
  139. v
  140. e
  141. n
  142. t
  144. d
  145. o
  146. u
  147. b
  148. l
  149. e
  150. -
  151. s
  152. u
  153. b
  154. m
  155. i
  156. s
  157. s
  158. i
  159. o
  160. n
  161. .

Day 3 Summary

  • Flask-WTF wraps WTForms with CSRF protection. Always add form.hidden_tag() to your forms.
  • form.validate_on_submit() returns True only on valid POST requests — the one method you need.
  • Flash messages: flash('message', 'category') in the view, get_flashed_messages() in the template.
  • Post-Redirect-Get (PRG) pattern: after a successful POST, redirect. Prevents form resubmission on refresh.
← Previous
Day 2: SQLAlchemy and Databases
Next →
Day 4: Authentication
Finished this lesson?