I’m building a web forum using Django, including the built-in authentication module.
I’m using the built-in UserCreationForm to register users. However, as I’ve decided to use e-mail addresses as the sole way to identify users, I’m generating a username for users before registering them.
To account for users who have already registered, before I generate a username, I check that a user doesn’t exist with the supplied e-mail address.
Is it safe to use the supplied e-mail address, directly from request.POST, in a query to the Django ORM, without doing any sanitisation on it? I can’t see anything in the documentation about data in request.POST being sanitised, but the ORM protects against SQL injection. Are there other potential attacks that I’m missing?
request.POST itself is not sanitized, but the Django ORM automatically sanitizes anything you throw at it, so yes, it’s safe to simply pass it right to the ORM. Just be careful with using raw or extra.
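An added example (not from the question or answer above) of the difference the answer is pointing at. The ORM is safe because it sends the POSTed value to the database as a bound parameter, never as SQL text; `raw()` and `extra()` are only as safe as the string you hand them. In Django terms, `User.objects.filter(email=email).exists()` and `User.objects.raw("... WHERE email = %s", [email])` take the parameterized path, while formatting the value into the SQL with `%` or an f-string before calling `raw()` or `extra()` takes the unsafe one. The example uses the standard library `sqlite3` module instead of Django so it runs without a project; the table, the two users and the injection payload are constructed for illustration.

```python
import sqlite3

# Constructed sample data standing in for Django's auth_user table.
_SAMPLE_USERS = [
    ("u_alice", "alice@example.com"),
    ("u_bob", "bob@example.com"),
]


def make_db():
    """Build an in-memory SQLite database holding the two constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE auth_user (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO auth_user (username, email) VALUES (?, ?)", _SAMPLE_USERS
    )
    conn.commit()
    return conn


def email_taken_unsafe(conn, email):
    """The pattern to avoid: the POSTed value is pasted into the SQL text.

    This is what a hand-formatted string passed to raw() or extra() does.
    A value like  x@example.com' OR '1'='1  turns the WHERE clause into
    "email = 'x@example.com' OR '1'='1'" and matches every row.
    """
    sql = "SELECT COUNT(*) FROM auth_user WHERE email = '%s'" % email
    return conn.execute(sql).fetchone()[0] > 0


def email_taken_param(conn, email):
    """What the ORM does for filter(email=...) and for raw(sql, params).

    The value is bound as a parameter, so the database compares the whole
    string, quotes and all, against the email column; it is never parsed
    as SQL.
    """
    sql = "SELECT COUNT(*) FROM auth_user WHERE email = ?"
    return conn.execute(sql, (email,)).fetchone()[0] > 0


def compare(email):
    """Run both lookups for one submitted value and return their verdicts."""
    conn = make_db()
    try:
        return {
            "unsafe": email_taken_unsafe(conn, email),
            "parameterized": email_taken_param(conn, email),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    for submitted in ("alice@example.com", "carol@example.com",
                      "carol@example.com' OR '1'='1"):
        print(repr(submitted), compare(submitted))
```

Parameter binding settles the SQL question only. The value still deserves the usual handling before the uniqueness check: validate that it is an e-mail address at all (a `forms.EmailField` does this) and decide whether the comparison should be case-insensitive (`email__iexact`), since otherwise `Alice@example.com` and `alice@example.com` register as two accounts.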