I dont understand request flows

Having read a bit, I still don't understand. Can you help me see where I am going wrong?

• a view function sends out a request and gets a response

• a httprequest contains info about a currently requested url.

• httprequest objects have 2 attributes containing info submitted by

  user. GET and POST

• Use post when requesting sensitive information, use get when not.

• Post data is generally submitted from an html Form.

OK then. If I want sensitive information from a user such as their name, dob etc, I put the requested info inside a form on the html side. On the server side I gather that info by using an object request and its attribute POST. I then point it to the html input name I specifically want. Thus we have request.POST['Name'] this will return a string value which I give to a variable of my choosing. Thus name = request.POST['Name'开发者_JS百科]. name on the server side will now hold the users entered name.

Before I continue, is there anything I have gotten wrong?

You're nearly right.

The distinction between GET and POST, however, isn't anything to do with sensitive information. It's true that GET data is visible in the URL (after the ?) and POST data isn't, but that doesn't make POST any more secure - it's trivial to get that data if you want to.

In fact the difference is really one of semantics. GET is used when you're just requesting particular information from the server - for instance, page 2 of a set, or a specific search query. POST is used when you're updating information - submitting a form to change stored data.

Apart from that, you're just about there. One thing that will probably help you is to read up on Django's forms framework, which does a lot of the work in generation and validation of forms for you.

You got one tiny bit of it wrong.

The user sends out a request, which the view function receives, then the view function sends out a response.

And HTTP objects have a lot more information included than just GET and POST variables. See Django's official documentation for more information about this.