Django Interview Questions

Django follows the MVT architecture, which stands for Model-View-Template. It is a software design pattern specifically designed to support the rapid development of dynamic web applications with a clean and maintainable structure.

Model:
The Model is responsible for handling the data logic of the application. It defines the structure of the database, manages data through ORM (Object Relational Mapping), and acts as an interface between the application and the database. Common databases used include MySQL, PostgreSQL, and SQLite.

View:
The View handles the business logic and interacts with both the Model and the Template. It retrieves data from the model and passes it to the template for rendering. Views are usually written as Python functions or classes and return responses such as HTML pages or JSON data.

Template:
The Template represents the presentation layer, i.e., what the user sees in the browser. It contains static HTML as well as Django Template Language (DTL) syntax to inject dynamic content. It defines how data from the view should be presented to the end user.

In Django, the main difference between a project and an app lies in their scope and purpose within a web application.

A project is the entire Django web application. It includes the global configuration files, such as settings.py, urls.py, wsgi.py, and manages the overall behavior of the website.

An app is a modular, self-contained component within a project that performs a specific function, such as user management, blog, or payment processing. Apps are reusable and can be plugged into other Django projects as well.

Example: If you are building an e-commerce site, the project is the whole site, while individual apps could be for user accounts, product listings, shopping cart, and order management.

When you start a new Django project, it creates a default directory structure with several important files and folders that help organize and manage your application.

Common Files and Their Purpose:

• __init__.py: An empty file that tells Python this directory is a package. Required for package imports.
• manage.py: A command-line utility that lets you interact with your project. Common commands include:
  python manage.py runserver
python manage.py makemigrations
python manage.py migrate
• settings.py: Contains all configuration settings such as installed apps, middleware, database configuration, static files, API keys, etc.
• urls.py: Handles URL routing. Maps URL patterns to specific view functions.
• views.py: Contains the view logic which retrieves data from models and renders templates.
• models.py: Defines data models using classes. Each model maps to a database table.
• wsgi.py: Stands for Web Server Gateway Interface. It is used for deploying the application and acts as a bridge between the web server and Django app.
• asgi.py: Similar to wsgi.py but used for asynchronous servers (optional, depending on the project).
• admin.py: Used to register models in the Django admin interface and manage superuser login.
• apps.py: Contains configuration for the Django app. Helps Django know about your app’s metadata.

To create a new Django project, you can use the django-admin command-line tool provided by Django. This command sets up the base directory structure for your project.

Command:

django-admin startproject projectname

Example Directory Structure Created:

projectname/
├── manage.py
└── projectname/
    ├── __init__.py
    ├── settings.py
    ├── urls.py
    ├── wsgi.py
    └── asgi.py

After running the command, navigate into the project folder using cd projectname and start the development server with python manage.py runserver.

This initializes a new Django project, including all necessary files for configuration, routing, and deployment setup.

In Django, an app is a web application that does something — e.g., a blog system, a user authentication system, or a contact form. You can create an app using the following command:

Command:

python manage.py startapp appname

Directory Structure of the App:

appname/
├── __init__.py
├── admin.py
├── apps.py
├── models.py
├── tests.py
├── views.py
└── migrations/
    └── __init__.py

After creating the app, don't forget to add your app name to the INSTALLED_APPS list in settings.py of your Django project:

INSTALLED_APPS = [
    ...
    'appname',
]

This tells Django to include the app in your project so its models, views, and URLs can be recognized.

A virtual environment allows you to establish separate dependencies for different Django projects by creating an isolated environment that isn't related to each other and can be quickly enabled or deactivated when needed.

It is not mandatory to use a virtual environment; we can work on Django projects without it. However, using virtualenv or venv is considered a best practice because it eliminates package conflicts and keeps dependencies well-managed per project.

Static files in Django are files such as CSS, JavaScript, images, or any other type of asset that does not change frequently. These files are stored in separate folders inside the static directory within each app or a global static directory.

Django provides django.contrib.staticfiles to help manage these files efficiently during development and deployment.

Uses of Static Files:

• Used to include styling (CSS), interactivity (JS), and media (images) in templates.
• Makes the UI consistent and visually appealing.
• Helps in separating design from logic.
• Improves page load speed when served via CDN or optimized during deployment.

1. python manage.py makemigrations:
This command scans your Django app for changes made to the models.py file and prepares migration files that describe those changes. It does not apply the changes to the database but only generates the SQL migration scripts that are ready to be applied.

2. python manage.py migrate:
This command applies the migrations created by makemigrations to the actual database. It executes the generated SQL commands and creates or alters tables and schema as needed in your database.

Together, these two commands help keep your database schema in sync with your Django models.

In Django, URLs (Uniform Resource Locators) are used to map web addresses to specific views and functionalities within a Django application. They define the routing structure of a website.

A file named urls.py is used to manage these URL patterns. When a user requests a specific route via the browser, Django compares the URL pattern defined in urls.py and calls the corresponding view function associated with that route.

This mechanism ensures that when someone visits a particular page, Django can return the appropriate response by rendering a view or performing a certain action.

In Django, views are a key component of the MVT (Model-View-Template) architecture. A view is a function or a class-based handler that receives a web request and returns a web response.

This response can be anything from an HTML page, JSON data, PDF document, or even images. The view processes data (often via models), applies business logic, and renders the response using templates.

Essentially, Django views serve as the bridge between the models (data layer) and templates (presentation layer), ensuring the user receives the appropriate content when accessing a route.

In Django, models are a built-in feature that act as the definitive source of information about the data structure and behavior. Each model is a Python class that maps to a single table in a database.

Models define the fields (columns), data types, relationships, and constraints of the database. Django models provide a high-level abstraction of the database and allow developers to perform all database operations using Python instead of writing raw SQL queries.

To use models in Django, you must define them in the models.py file of your app. Django then uses these definitions to automatically create tables and handle data interaction via its ORM (Object Relational Mapper).

Models are central to Django’s MVT (Model-View-Template) architecture and make it easy to work with relational databases in a clean, maintainable way.

Sessions are a mechanism in Django for maintaining the state between a user's browser and the web application. They are used to store user-specific information on the server side for the duration of the user’s interaction with the application.

Django uses server-side sessions, meaning the data is stored on the server (not in the browser), and only a session ID is stored in the browser via a cookie. This approach is secure and scalable for storing data such as user preferences, authentication states, and shopping cart contents.

Sessions in Django are initiated automatically, but developers can explicitly start one and store data using request.session. For example:

request.session['username'] = 'JohnDoe'

A major benefit of using Django sessions is that the stored data is encrypted and not accessible from the client-side, which enhances security. The session persists until the user logs out, closes the browser, or the session expires.

A Django template is a text-based file used to define the structure and layout of a webpage. It forms the third component of Django’s MVT (Model-View-Template) architecture, responsible for presenting data to the user in a structured and styled format.

Templates in Django are typically HTML files that can also contain template tags, filters, and dynamic content such as variables and logic provided by Django’s templating engine. These templates are rendered by views and sent as HTTP responses to the client’s browser.

Django supports two approaches to manage template directories:

• Global Template Directory: A single directory defined in the project’s settings file, accessible across all apps.
• App-specific Template Directory: Each app in the Django project can have its own template folder, usually named templates, to organize and isolate templates per app.

This templating system enables developers to maintain separation between business logic and presentation logic while efficiently creating dynamic, reusable HTML pages.

Below are the key differences between MVC (Model-View-Controller) and MVT (Model-View-Template) architectural patterns:

• Controller Handling: In MVC, both Model and View are driven by the Controller. In MVT, Views handle HTTP requests and responses directly.
• Control Logic: MVC requires writing control-specific code separately in the Controller, while MVT manages it through Views and Templates.
• Coupling: MVC is highly coupled, whereas MVT is loosely coupled.
• Modifiability: Modifying code in MVC is harder compared to the easier and more flexible structure in MVT.
• Application Suitability: MVC is more suited for large-scale applications, while MVT is great for both small and large applications.
• URL Mapping: MVC doesn’t inherently include URL mapping, but MVT offers built-in URL pattern mapping in Django.
• Clarity: MVC offers a clearer flow, whereas MVT can sometimes be a bit harder to grasp for beginners.

Conclusion: While both MVC and MVT serve similar purposes in structuring web applications, MVT simplifies development by letting the Django framework handle the controller logic internally.

ORM (Object Relational Mapper) is a feature provided by Django to interact with the database using Python code instead of raw SQL queries. It allows developers to add, delete, update, and query database records as Python objects.

Django’s ORM is built on top of a database abstraction API and provides a high-level interface to define and manipulate your database schema. It eliminates the need to write complex SQL manually.

To use Django ORM, you need to have a Django project and at least one app created. Models, which define the database structure, are written in the models.py file of the app.

Once models are defined, you can interact with them using the Django shell. Run the following command in your project directory:

python manage.py shell

This opens a Python interactive shell where you can create, retrieve, update, and delete model objects using ORM methods.

In Django, a superuser is the most powerful user type with full access to the Django Admin interface. A superuser has the permission to create, read, update, and delete any data, including user accounts and model records.

The Django Admin Panel is a built-in interface for managing application data. To access it, you must create a superuser account after applying migrations; otherwise, the necessary tables for user authentication won’t exist.

To create a superuser:

python manage.py createsuperuser

After running the command, follow the prompts to enter a username, email, and password. Once created, you can log in to the admin dashboard at /admin and manage your application’s data securely.

Jinja (specifically Jinja2, its most widely used version) is a powerful templating engine used in Django to dynamically generate HTML, XML, and other markup formats. It allows developers to embed logic and data directly into their templates using simple and intuitive syntax.

Jinja is known for its speed, flexibility, and ease of use. It has been developed as an independent open-source project and can be used across multiple frameworks and libraries.

Key Features of Jinja:

• HTML Escaping: Automatically escapes special characters like <, >, and & to protect against XSS (Cross-Site Scripting) attacks.
• Sandbox Execution: Provides a safe environment for testing template code without affecting the actual application logic.
• Template Inheritance: Allows one template to inherit from another, reducing redundancy and promoting reusable layouts.
• Performance: Renders HTML faster than Django’s default template engine.
• Debugging: Easier to debug and more readable syntax compared to traditional engines.

CSRF stands for Cross-Site Request Forgery, a security vulnerability that tricks users into performing unintended actions on web applications in which they are authenticated. This could include changing account details, submitting forms, or even gaining unauthorized control over user accounts.

To prevent CSRF attacks, Django includes built-in protection using a token-based system. The framework provides a special template tag {% csrf_token %}, which must be included inside every HTML form that modifies data (such as POST forms).

When a page is generated on the server, Django includes a unique CSRF token in the form. When the form is submitted, the server checks whether the request includes the valid token. If the token is missing or incorrect, the request is denied.

Example Usage in a Django Template:

<form method="POST">
    {% csrf_token %}
    <input type="text" name="username" />
    <button type="submit">Submit</button>
</form>

Without the CSRF token, Django will reject the request and display a ‘403 Forbidden’ error. This mechanism adds an important layer of security to Django applications.

Middleware in Django is a lightweight, low-level plugin that processes requests and responses globally before they reach views or after the view is processed. Middleware components can be used to perform tasks such as request authentication, session management, content transformation, and security checks.

Each middleware is a Python class that hooks into Django's request/response processing. Django processes each middleware in order (top-down for requests and bottom-up for responses).

Key Uses of Middleware:

• Security: Provides protection against common threats like clickjacking, XSS, etc. (e.g., SecurityMiddleware).
• Session Handling: Manages user session data (e.g., SessionMiddleware).
• Authentication: Associates users with requests using sessions (e.g., AuthenticationMiddleware).
• CSRF Protection: Ensures forms include valid CSRF tokens (e.g., CsrfViewMiddleware).

Middlewares are defined in the MIDDLEWARE list in the Django project's settings.py file. The order matters, as it defines how requests and responses are processed through each layer.

Example in settings.py:

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    ...
]

To connect your Django project to a database, you need to configure the DATABASES setting inside the settings.py file of your Django project.

By default, Django uses SQLite, which is lightweight and file-based. However, you can change the configuration to connect with other databases such as MySQL, PostgreSQL, or MongoDB (via third-party connectors).

Example: Connecting to a MySQL Database

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'your_db_name',
        'USER': 'your_username',
        'PASSWORD': 'your_password',
        'HOST': 'localhost',
        'PORT': '3306',
    }
}

Steps:

• Install the appropriate database adapter, e.g., pip install mysqlclient for MySQL or psycopg2 for PostgreSQL.
• Update the DATABASES dictionary in settings.py.
• Run python manage.py makemigrations and python manage.py migrate to initialize tables.

After configuration, Django will communicate with your chosen database for storing and retrieving application data.

NoSQL (short for Not Only SQL) refers to a class of non-relational databases that store data in flexible formats such as documents, key-value pairs, wide-columns, or graphs. Unlike traditional relational databases, NoSQL databases are optimized for scalability, speed, and handling unstructured or semi-structured data.

Types of NoSQL Databases:

• Document Databases: e.g., MongoDB, CouchDB
• Key-Value Stores: e.g., Redis, DynamoDB
• Graph Databases: e.g., Neo4j
• Wide-Column Stores: e.g., Apache Cassandra

Django and NoSQL:
By default, Django does not officially support NoSQL databases. Its ORM is designed specifically for relational databases like MySQL, PostgreSQL, and SQLite. However, with the help of third-party packages such as djongo or mongoengine, developers can integrate Django with databases like MongoDB, but this comes with limitations and may not offer full ORM compatibility.

Django officially supports several relational databases through its built-in Object-Relational Mapper (ORM). These include:

• SQLite: This is the default database engine included with Django. It is lightweight, file-based, and ideal for development and small applications.
• PostgreSQL: Django provides robust support for PostgreSQL, including advanced features such as JSON fields and full-text search.
• MySQL: Django supports MySQL, a widely used open-source relational database system.
• Oracle: Django includes support for Oracle databases, which are often used in enterprise settings.

In addition to these, Django can also be extended to work with other databases using third-party backends. These include:

• Microsoft SQL Server
• IBM DB2
• SAP SQL Anywhere
• Firebird

However, Django does not officially support NoSQL databases such as MongoDB, Redis, Neo4j, or CouchDB. Although there are third-party libraries like djongo and django-redis that attempt to bridge the gap, they are not maintained by the core Django team and may lack full ORM integration.

The Django REST Framework (DRF) is a powerful and flexible toolkit built on top of the Django web framework. It simplifies the process of building RESTful APIs for your Django applications by reducing the amount of code required and providing helpful features for API development.

REST stands for Representational State Transfer, which is an architectural style for designing networked applications using HTTP methods such as GET, POST, PUT, and DELETE to interact with data.

Key advantages of using Django REST Framework:

• Web Browsable API: DRF provides a web interface for testing and interacting with APIs, making it easier for developers to understand and debug them.
• Authentication Support: It includes built-in support for authentication systems such as OAuth1 and OAuth2, along with session and token-based authentication.
• Supports Both ORM and Non-ORM Data Sources: DRF can work with Django’s ORM models or with other data formats like raw SQL, external APIs, or custom data sources.
• Extensive Documentation: DRF has well-organized and comprehensive documentation, making it easier to learn and use.
• Community Support: DRF has an active community of developers, ensuring continuous development, updates, and support.

In summary, Django REST Framework is an essential tool for building robust and maintainable APIs quickly and efficiently in Django projects.

To filter items present in our database, we use a QuerySet. A QuerySet is a collection of database objects that can be filtered, ordered, and manipulated to retrieve only the data we need.

The filter() method is used to return only the rows that match the given criteria. It helps narrow down the results by applying conditions on the model fields.

For example, if you have a model called Book, and you want to filter all books published after the year 2020, you can write:

Book.objects.filter(published_year__gt=2020)

This will return a QuerySet containing all Book objects where the published_year is greater than 2020.

The settings.py file is the main configuration file in a Django project. It contains all the essential settings such as database configurations, middleware, backend engines, templating engines, installed applications, static file URLs, main URL configurations, allowed hosts, server settings, and security keys. When a Django project starts, the settings.py file is executed first, which loads and initializes the necessary components to efficiently handle incoming requests.

Django is called a loosely coupled framework because of its Model-Template-View (MTV) architecture. This design pattern, which is a variant of the MVC pattern, separates the different components of the application, making them independent of each other.

In Django's architecture, the Model handles data and business logic, the View manages the user interface and presentation logic, and the Template defines how the data is displayed to the user.

This separation ensures that changes in one component (such as the user interface) do not heavily impact the others (like the data models), promoting modularity and flexibility.

Because these components interact through well-defined interfaces rather than being tightly integrated, Django supports easier maintenance, scalability, and testing, which is why it is considered a loosely coupled framework.

The security of users' data is a critical aspect of any website design.

Django provides robust security features to protect against many common threats.

Some of the key security features in Django include:

• Cross-site scripting (XSS) protection
• SQL injection protection
• Cross-site request forgery (CSRF) protection
• Enforcing SSL/HTTPS for secure communication
• Session security to manage user sessions safely
• Clickjacking protection to prevent UI redressing attacks
• Host header validation to prevent HTTP Host header attacks

Django comes with a built-in authentication system configured by default to handle users, groups, permissions, and related objects.

The core of this system is user objects that authenticate and authorize users.

In addition to the default system, developers can use various third-party apps to enable more advanced authentication features.

The main components of Django's authentication system include:

• Users
• Permissions
• Groups
• Password Hashing System
• Forms Validation
• A pluggable backend system for extending authentication methods

In Django REST Framework, serializers are responsible for converting complex data types, such as Django model instances, into native Python data types that can then be easily rendered into JSON, XML, or other content types suitable for frontend consumption like JavaScript.

After validating the incoming data, serializers also allow deserialization, which is the process of parsing data back into complex types, such as model instances, for use within the application.