
Django

// Build secure Django apps avoiding ORM pitfalls, N+1 queries, and common security traps.

stars: 1,933 | forks: 367 | updated: March 4, 2026
SKILL.md Frontmatter
name: Django
slug: django
version: 1.0.1
description: Build secure Django apps avoiding ORM pitfalls, N+1 queries, and common security traps.

Quick Reference

Topic                                      File
QuerySet lazy eval, N+1, transactions      orm.md
Request handling, middleware, context      views.md
Validation, CSRF, file uploads             forms.md
Migrations, signals, managers              models.md
XSS, CSRF, SQL injection, auth             security.md
Async views, ORM in async, channels        async.md

Critical Rules

  • QuerySets are lazy: no SQL runs until the QuerySet is evaluated. Once evaluated it caches its rows, so iterating the same object twice is one query; rebuilding the query (calling .objects.all() again), or calling count()/exists() or indexing an unevaluated QuerySet, hits the DB again. Use list() when you need the rows in memory.
  • select_related for FK/O2O (a SQL JOIN), prefetch_related for M2M and reverse FK (a second query joined in Python); otherwise each related access is its own query (N+1)
  • update() bypasses save(): no pre_save/post_save signals fire and auto_now fields are not refreshed
  • F() for atomic updates: update(count=F('count') + 1) runs the increment in SQL and avoids the read-modify-write race; call refresh_from_db() before reading the new value on an instance
  • get() raises DoesNotExist or MultipleObjectsReturned; filter(...).first() returns None instead of raising (and orders by pk if the QuerySet is unordered)
  • DEBUG=False requires ALLOWED_HOSTS; requests whose Host header is not listed get 400 Bad Request
  • POST forms need {% csrf_token %}; without it CsrfViewMiddleware returns 403 Forbidden
  • auto_now=True overwrites the value on every save() and cannot be set manually; use default=timezone.now when the field must be settable
  • field=None is translated to IS NULL: filter(field=None) matches NULL rows, exclude(field=None) removes them; field__isnull=True/False is the explicit spelling
  • Circular imports between models: use a string reference, ForeignKey('app.Model', ...)
  • transaction.atomic() rolls back on an exception but re-raises it; catch the exception outside the with block, since catching a DatabaseError inside leaves the block unable to run further queries
  • The ORM is sync at its core: in an async view wrap calls in sync_to_async() (or use the async methods aget()/acount()/async for, Django 4.1+); calling a sync ORM method directly raises SynchronousOnlyOperation