Validators — Django documentation
Validators
Writing validators
A validator is a callable that takes a value and raises a ValidationError if it doesn’t meet some criteria. Validators can be useful for re-using validation logic between different types of fields.
For example, here’s a validator that only allows even numbers:
from django.core.exceptions import ValidationError
from django.utils.translation import gettext_lazy as _
def validate_even(value):
if value % 2 != 0:
raise ValidationError(
_('%(value)s is not an even number'),
params={'value': value},
)
You can add this to a model field via the field’s validators argument:
from django.db import models
class MyModel(models.Model):
even_field = models.IntegerField(validators=[validate_even])
Because values are converted to Python before validators are run, you can even use the same validator with forms:
from django import forms
class MyForm(forms.Form):
even_field = forms.IntegerField(validators=[validate_even])
You can also use a class with a __call__()
method for more complex or configurable validators. RegexValidator, for example, uses this technique. If a class-based validator is used in the validators model field option, you should make sure it is serializable by the migration framework by adding deconstruct() and __eq__()
methods.
How validators are run
See the form validation for more information on how validators are run in forms, and Validating objects for how they’re run in models. Note that validators will not be run automatically when you save a model, but if you are using a ModelForm, it will run your validators on any fields that are included in your form. See the ModelForm documentation for information on how model validation interacts with forms.
Built-in validators
The django.core.validators module contains a collection of callable validators for use with model and form fields. They’re used internally but are available for use with your own fields, too. They can be used in addition to, or in lieu of custom field.clean()
methods.
RegexValidator
- class RegexValidator(regex=None, message=None, code=None, inverse_match=None, flags=0)
- Parameters
regex – If not
None
, overrides regex. Can be a regular expression string or a pre-compiled regular expression.message – If not
None
, overrides message.code – If not
None
, overrides code.inverse_match – If not
None
, overrides inverse_match.flags – If not
None
, overrides flags. In that case, regex must be a regular expression string, orTypeError
is raised.
A RegexValidator searches the provided
value
for a given regular expression withre.search()
. By default, raises a ValidationError with message and code if a match is not found. Its behavior can be inverted by setting inverse_match toTrue
, in which case the ValidationError is raised when a match is found.- regex
The regular expression pattern to search for within the provided
value
, usingre.search()
. This may be a string or a pre-compiled regular expression created withre.compile()
. Defaults to the empty string, which will be found in every possiblevalue
.
- message
The error message used by ValidationError if validation fails. Defaults to
"Enter a valid value"
.
- code
The error code used by ValidationError if validation fails. Defaults to
"invalid"
.
- inverse_match
The match mode for regex. Defaults to
False
.
EmailValidator
- class EmailValidator(message=None, code=None, allowlist=None)
- Parameters
- message
The error message used by ValidationError if validation fails. Defaults to
"Enter a valid email address"
.
- code
The error code used by ValidationError if validation fails. Defaults to
"invalid"
.
- allowlist
Allowlist of email domains. By default, a regular expression (the
domain_regex
attribute) is used to validate whatever appears after the@
sign. However, if that string appears in theallowlist
, this validation is bypassed. If not provided, the defaultallowlist
is['localhost']
. Other domains that don’t contain a dot won’t pass validation, so you’d need to add them to theallowlist
as necessary.
Deprecated since version 3.2: The
whitelist
parameter is deprecated. Use allowlist instead. The undocumenteddomain_whitelist
attribute is deprecated. Usedomain_allowlist
instead.
URLValidator
- class URLValidator(schemes=None, regex=None, message=None, code=None)
A RegexValidator subclass that ensures a value looks like a URL, and raises an error code of
'invalid'
if it doesn’t.Loopback addresses and reserved IP spaces are considered valid. Literal IPv6 addresses (RFC 3986#section-3.2.2) and Unicode domains are both supported.
In addition to the optional arguments of its parent RegexValidator class,
URLValidator
accepts an extra optional attribute:- schemes
URL/URI scheme list to validate against. If not provided, the default list is
['http', 'https', 'ftp', 'ftps']
. As a reference, the IANA website provides a full list of valid URI schemes.
validate_slug
- validate_slug
- A RegexValidator instance that ensures a value consists of only letters, numbers, underscores or hyphens.
validate_unicode_slug
- validate_unicode_slug
- A RegexValidator instance that ensures a value consists of only Unicode letters, numbers, underscores, or hyphens.
validate_ipv4_address
- validate_ipv4_address
- A RegexValidator instance that ensures a value looks like an IPv4 address.
validate_ipv6_address
- validate_ipv6_address
- Uses
django.utils.ipv6
to check the validity of an IPv6 address.
validate_ipv46_address
- validate_ipv46_address
- Uses both
validate_ipv4_address
andvalidate_ipv6_address
to ensure a value is either a valid IPv4 or IPv6 address.
validate_comma_separated_integer_list
- validate_comma_separated_integer_list
- A RegexValidator instance that ensures a value is a comma-separated list of integers.
int_list_validator
- int_list_validator(sep=',', message=None, code='invalid', allow_negative=False)
- Returns a RegexValidator instance that ensures a string consists of integers separated by
sep
. It allows negative integers whenallow_negative
isTrue
.
MaxValueValidator
- class MaxValueValidator(limit_value, message=None)
- Raises a ValidationError with a code of
'max_value'
ifvalue
is greater thanlimit_value
, which may be a callable.
MinValueValidator
- class MinValueValidator(limit_value, message=None)
- Raises a ValidationError with a code of
'min_value'
ifvalue
is less thanlimit_value
, which may be a callable.
MaxLengthValidator
- class MaxLengthValidator(limit_value, message=None)
- Raises a ValidationError with a code of
'max_length'
if the length ofvalue
is greater thanlimit_value
, which may be a callable.
MinLengthValidator
- class MinLengthValidator(limit_value, message=None)
- Raises a ValidationError with a code of
'min_length'
if the length ofvalue
is less thanlimit_value
, which may be a callable.
DecimalValidator
- class DecimalValidator(max_digits, decimal_places)
- Raises ValidationError with the following codes:
'max_digits'
if the number of digits is larger thanmax_digits
.'max_decimal_places'
if the number of decimals is larger thandecimal_places
.'max_whole_digits'
if the number of whole digits is larger than the difference betweenmax_digits
anddecimal_places
.
FileExtensionValidator
- class FileExtensionValidator(allowed_extensions, message, code)
Raises a ValidationError with a code of
'invalid_extension'
if the extension ofvalue.name
(value
is a File) isn’t found inallowed_extensions
. The extension is compared case-insensitively withallowed_extensions
.Warning
Don’t rely on validation of the file extension to determine a file’s type. Files can be renamed to have any extension no matter what data they contain.
validate_image_file_extension
- validate_image_file_extension
- Uses Pillow to ensure that
value.name
(value
is a File) has a valid image extension.
ProhibitNullCharactersValidator
- class ProhibitNullCharactersValidator(message=None, code=None)
Raises a ValidationError if
str(value)
contains one or more nulls characters ('\x00'
).- message
The error message used by ValidationError if validation fails. Defaults to
"Null characters are not allowed."
.
- code
The error code used by ValidationError if validation fails. Defaults to
"null_characters_not_allowed"
.