参考：http://www.cnblogs.com/himir/p/5940705.htmlhttps://zhuanlan.zhihu.com/p/24423891flask-uploadsflask的一个文件上传扩展,提供了UploadSet这个概念flask-wtf(中文)很强大的表单的扩展flask-bootstrapbootstrap的flask扩展,结合模版使用,此处用到quick_form功能fromflaskimportFlask,render_templatefromflask_uploadsimportUploadSet,IMAGES,configure_uploadsfromflask_wtfimportFormfromwtformsimportSubmitFieldfromflask_wtf.fileimportFileField,FileAllowed,FileRequiredfromflask_bootstrapimportBootstrapfromwerkzeug.utilsimportsecure_filenameapp=Flask(__name__)#新建一个set用于设置文件类型、过滤等set_mypic=UploadSet('mypic')#mypic#用于wtf.quick_form()模版渲染bootstrap=Bootstrap(app)#mypic的存储位置,#UPLOADED_xxxxx_DEST,xxxxx部分就是定义的set的名称,mypi,下同app.config['UPLOADED_MYPIC_DEST']='./static/img'#mypic允许存储的类型,IMAGES为预设的tuple('jpgjpejpegpnggifsvgbmp'.split())#DOCUMENTS=tuple('rtfodfodsgnumericabwdocdocxxlsxlsx'.split())#AUDIO=tuple('wavmp3aacoggogaflac'.split())#TEXT=('txt',)#DATA=...#SCRIPTS=...#ARCHIVES=...#EXECUTABLES=...#DEFAULT=TEXT+DOCUMENTS+IMAGES+DATAapp.config['UPLOADED_MYPIC_ALLOW']=IMAGES#把刚刚app设置的config注册到set_mypicconfigure_uploads(app,set_mypic)#此处WTF的SCRF密码默认为和flask的SECRET_KEY一样#app.config['WTF_CSRF_SECRET_KEY']='wtfcsrfsecretkey'app.config['SECRET_KEY']='xxxxx'#允许上传的文件最大为10Mpatch_request_class(app,10*1024*1024)classUploadForm(Form):#文件field设置为‘必须的’，过滤规则设置为‘set_mypic’upload=FileField('p_w_picpath',validators=[FileRequired('文件未选择！'),FileAllowed(set_mypic,'只能上传图片！')])submit=SubmitField('上传')@app.route('/',methods=('GET','POST'))defindex():form=UploadForm()url=Noneifform.validate_on_submit():filename=secure_filename(form.upload.data.filename)fileupload=set_mypic.save(form.upload.data,name=filename)url=set_mypic.url(fileupload)returnrender_template('index.html',form=form,url=url)if__name__=='__main__':app.run(debug=True)-----------------------------------------安全上传方法：fromflask_wtfimportFlaskFormfromflask_wtf.fileimportFileField,FileRequiredfromwerkzeug.utilsimportsecure_filenameform=FlaskForm(csrf_enabled=False)WTF_CSRF_ENABLED=FalseWTF_CSRF_SECRET_KEY='arandomstring'classPhotoForm(FlaskForm):photo=FileField(validators=[FileRequired()])@app.route('/upload',methods=['GET','POST'])defupload():ifform.validate_on_submit():f=form.photo.datafilename=secure_filename(f.filename)f.save(os.path.join(app.instance_path,'photos',filename))returnredirect(url_for('index'))returnrender_template('upload.html',form=form)------------------------------------------------html文件:{%extends"base.html"%}{%import"bootstrap/wtf.html"aswtf%}{%blockpage_content%}{{wtf.quick_form(form,enctype="multipart/form-data")}}<h5>文件上传成功！</h5>{%ifurl%}<br><imgsrc="{{url}}">{%endif%}{%endblockpage_content%}注：上传文件的form必须是POST方法，并且enctype=multipart/form-data。type=file。如果使用GET方法，则只会上传文件名。如何将照片资源与用户进行绑定？使用轻量级ORM框架，peewee，使用两个字段use_id、photo_name。将数据存储到数据库表格中。需要时可根据登录user的id获取到对应的photo_name，然后使用photos.url(photo_name)进行加载。