Django explained: A concise guide for kick-starting your next Python web project

By IBM Cloud Education

  • Streamline web development in Python with the Django framework
  • Build your application’s entire data model in Python — no SQL needed
  • Create dynamic pages and tighten security using Django templates

If you’re looking to create a new web application, you could start from scratch, building all of your APIs, sitemaps, RSS feeds and libraries on your own. Alternatively, you could use a development tool such as WordPress or Drupal, both content management systems designed primarily for creating websites by drawing from modules, plug-ins and templates.

But there is a third path: You could adopt a web framework. A web framework packages together many of the elements you need to build a web application. Starting with a framework is more efficient than starting from scratch, letting you focus on creating a unique application. At the same time, it can provide greater flexibility than using a web development tool.

If you’re developing your web application in Python, consider the Django web framework. Django — pronounced “Jango,” named after the famous jazz guitarist Django Reinhardt — is a free, open source framework that was first publicly released in 2005. According to its project page, Django facilitates “rapid development and clean, pragmatic design.” Django can help you quickly produce a web front end that’s feature-rich, secure and scalable.

 

Python application with cloud services

Tap into cloud services from your Python application

 

Want some hands-on experience working with an app created using the Django framework? IBM offers a step-by-step tutorial for using IBM Cloud™ services to track activity and monitor the health of a Python-based Cloud Foundry application written using Django and running on the IBM Cloud.

 

Why use Django?

With all the Python web frameworks to choose from, why pick Django? It might not be the easiest to use, and it’s certainly not the newest. Nevertheless, Django might be the right fit when you’re building a web application that’s expected to handle a large number of users or a complex set of features, such as API connectivity or user authentication.

Anyone proficient in Python should be able to use Django to build an application. However, intermediate to advanced Python developers can better capitalize on Django’s more sophisticated features.

 

Packaging essential features

Django has been in use for more than a decade and has been thoroughly tested and enhanced by a very active community. Django’s greatest strength is its large feature set: With more than 10,000 Django packages, the framework covers virtually anything you’ll need a web application to do. Packages include everything from APIs to content management systems and user authentication to form validation and CAPTCHA protection.

The Django user base is supportive and dedicated, full of talented developers volunteering their time and expertise to develop, improve and patch the framework. Your application can benefit from this commitment by tapping into the well-designed packages available to anyone building with Django.

 

Making database management more Python-like

Django allows you to build your application’s entire data model in Python, without needing to use SQL. Using an object-relational mapper (ORM), Django converts traditional database structure into Python classes to make them easier to work with in a fully Python environment.

In Django, your database tables become Python classes. The fields of the database are simply converted into class attributes. If you’re familiar with class attribute definition in Python, you can easily design and manage a Django database.

Django offers a shortcut to full integration with your application’s database. It provides CRUD (create, read, update, delete) functionality, supplies user management capabilities, offers software administration features and more. You import the packages, connect to your database and then get back to work developing the parts of your application that make your product unique.

 

Creating dynamic pages with templates

Because Django is designed to be used for web application development, it needs a way to easily create dynamic HTML that displays your user’s unique data. Django produces that dynamic HTML with a built-in templating engine called the Django template language (DTL).

An HTML template allows you to combine static elements (including design elements such as colors, logos or text) with data (such as user names or locations) to create a new web page on the fly. For example, if you want your application to greet a user by name when they log in, you can build a template that displays the static text (“Welcome to the site, X”) then use a dynamic placeholder to automatically display the user’s first name from your database. When the page renders, it will combine the dynamic elements with the static ones to create a seamless user experience.

 

Enhancing security

Web applications are frequent targets of hackers, especially applications that store user login information or financial data. Django offers features to help protect your application and your users.

One of the biggest risks for sites that accept user-entered data is that a malicious user will inject code with their data that can have a disastrous effect on your system. To protect against attacks like these, Django templates automatically escape common HTML characters in any user-entered field. For example, it will automatically convert ‘<’ to ‘&lt;’ to make it difficult to inject malicious code into your program. Django protects from SQL injection in a similar way, reinterpreting unauthorized commands so that users can’t sneak their own code into your database.

You can also count on Django APIs to automatically use cross-site request forgery (CSRF) protection to insert user-specific secret tokens into POST requests. As a result, you can prevent malicious users from duplicating other POST requests to masquerade as authorized users.

The protection of Django goes beyond its explicit security features: Your security efforts are enhanced by the extensive experience and expertise of the Django user base. If you build your entire web application from scratch, you run the risk of accidentally introducing a security vulnerability into your module. Django packages are widely used, open source and well reviewed, so you can be more confident that they’ll protect your data.

 

Scaling Django

One of the biggest challenges in web development is scalability. Your application must handle exactly the number of active connections at any given time. If the connections exceed your estimate, your users will experience lags and downtime. Estimate too conservatively and you’ll pay for bandwidth and servers you’re not using. You need an application that can grow as you gain more users.

Django makes scaling easy. Because Django can manage your user sessions, you can add more instances of your application and transfer the user’s experience across the instances without losing data. Many Django developers also use a cache manager such as Varnish to pre-load the static elements of the site for users.

You’ll need to carefully configure the cache manager to avoid accidently caching your entire site, including the dynamic elements. A poorly configured cache could also lead to sharing data from one user to the next. You can avoid over-caching by using Django’s native (but limited) cache framework in conjunction with an external cache manager to free up performance resources while being selective on what is stored.

How scalable is Django? Instagram and Disqus are among the very large sites that use Django to support their huge user bases.

Want some hands-on experience working with an app created using the Django framework? IBM offers a step-by-step tutorial for using IBM Cloud services to track activity and monitor the health of a Python-based Cloud Foundry application written using Django and running on the IBM Cloud.