Python for Web Development: Django vs Flask in 2025

By /

Python’s Dominance in Web Development

Python has become one of the most popular languages for web development, powering giants like Instagram, Spotify, Pinterest, and Dropbox. Its clean syntax, vast ecosystem, and strong community support make it an excellent choice for building web applications of any scale.

The Two Titans: Django vs Flask

Django: The Batteries-Included Framework

Django follows the “batteries included” philosophy, providing everything you need out of the box:

  • ORM (Object-Relational Mapping)
  • Admin interface
  • Authentication system
  • Form handling
  • Template engine
  • URL routing
  • Security features
  • Database migrations

Flask: The Micro Framework

Flask is minimalist and flexible, giving you control over components:

  • Lightweight core
  • Easy to learn
  • Choose your own tools
  • Perfect for microservices
  • Great for APIs
  • Extensive extensions ecosystem

Django: Building a Full Application

Project Setup

# Install Django
pip install django

# Create project
django-admin startproject myproject
cd myproject

# Create app
python manage.py startapp blog

# Run migrations
python manage.py migrate

# Create superuser
python manage.py createsuperuser

# Run development server
python manage.py runserver

Define Models

# blog/models.py
from django.db import models
from django.contrib.auth.models import User

class Post(models.Model):
    title = models.CharField(max_length=200)
    slug = models.SlugField(unique=True)
    content = models.TextField()
    author = models.ForeignKey(User, on_delete=models.CASCADE)
    created_at = models.DateTimeField(auto_now_add=True)
    updated_at = models.DateTimeField(auto_now=True)
    published = models.BooleanField(default=False)
    
    class Meta:
        ordering = ['-created_at']
    
    def __str__(self):
        return self.title

class Comment(models.Model):
    post = models.ForeignKey(Post, on_delete=models.CASCADE, related_name='comments')
    author = models.ForeignKey(User, on_delete=models.CASCADE)
    content = models.TextField()
    created_at = models.DateTimeField(auto_now_add=True)
    
    def __str__(self):
        return f'Comment by {self.author.username} on {self.post.title}'

Create Views

# blog/views.py
from django.shortcuts import render, get_object_or_404
from django.views.generic import ListView, DetailView
from .models import Post

class PostListView(ListView):
    model = Post
    template_name = 'blog/post_list.html'
    context_object_name = 'posts'
    paginate_by = 10
    
    def get_queryset(self):
        return Post.objects.filter(published=True)

class PostDetailView(DetailView):
    model = Post
    template_name = 'blog/post_detail.html'
    context_object_name = 'post'
    
    def get_queryset(self):
        return Post.objects.filter(published=True)

Configure URLs

# blog/urls.py
from django.urls import path
from . import views

app_name = 'blog'

urlpatterns = [
    path('', views.PostListView.as_view(), name='post_list'),
    path('post//', views.PostDetailView.as_view(), name='post_detail'),
]

# myproject/urls.py
from django.contrib import admin
from django.urls import path, include

urlpatterns = [
    path('admin/', admin.site.urls),
    path('blog/', include('blog.urls')),
]

Create Templates


{% extends 'base.html' %}

{% block content %}
  
Blog Posts

  
  {% for post in posts %}
    

      
{{ post.title }}

      
By {{ post.author.username }} on {{ post.created_at|date:"F j, Y" }}

      
{{ post.content|truncatewords:50 }}

    

  {% endfor %}
  
  
  {% if is_paginated %}
    
  {% endif %}
{% endblock %}

Register with Admin

# blog/admin.py
from django.contrib import admin
from .models import Post, Comment

@admin.register(Post)
class PostAdmin(admin.ModelAdmin):
    list_display = ['title', 'author', 'published', 'created_at']
    list_filter = ['published', 'created_at', 'author']
    search_fields = ['title', 'content']
    prepopulated_fields = {'slug': ('title',)}
    date_hierarchy = 'created_at'
    ordering = ['-created_at']

@admin.register(Comment)
class CommentAdmin(admin.ModelAdmin):
    list_display = ['author', 'post', 'created_at']
    list_filter = ['created_at']
    search_fields = ['content']

Flask: Building an API

Basic Setup

# Install Flask and extensions
pip install flask flask-sqlalchemy flask-jwt-extended

# app.py
from flask import Flask, jsonify, request
from flask_sqlalchemy import SQLAlchemy
from flask_jwt_extended import JWTManager, create_access_token, jwt_required, get_jwt_identity
from werkzeug.security import generate_password_hash, check_password_hash
from datetime import timedelta

app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///blog.db'
app.config['JWT_SECRET_KEY'] = 'your-secret-key'
app.config['JWT_ACCESS_TOKEN_EXPIRES'] = timedelta(hours=1)

db = SQLAlchemy(app)
jwt = JWTManager(app)

Define Models

# models.py
from app import db
from datetime import datetime

class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(80), unique=True, nullable=False)
    email = db.Column(db.String(120), unique=True, nullable=False)
    password_hash = db.Column(db.String(255), nullable=False)
    posts = db.relationship('Post', backref='author', lazy=True)
    
    def to_dict(self):
        return {
            'id': self.id,
            'username': self.username,
            'email': self.email
        }

class Post(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    title = db.Column(db.String(200), nullable=False)
    content = db.Column(db.Text, nullable=False)
    created_at = db.Column(db.DateTime, default=datetime.utcnow)
    updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
    user_id = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False)
    
    def to_dict(self):
        return {
            'id': self.id,
            'title': self.title,
            'content': self.content,
            'author': self.author.username,
            'created_at': self.created_at.isoformat(),
            'updated_at': self.updated_at.isoformat()
        }

Create Routes

# routes.py
from flask import jsonify, request
from app import app, db
from models import User, Post
from werkzeug.security import generate_password_hash, check_password_hash
from flask_jwt_extended import create_access_token, jwt_required, get_jwt_identity

# Authentication
@app.route('/api/register', methods=['POST'])
def register():
    data = request.get_json()
    
    if User.query.filter_by(username=data['username']).first():
        return jsonify({'error': 'Username already exists'}), 400
    
    user = User(
        username=data['username'],
        email=data['email'],
        password_hash=generate_password_hash(data['password'])
    )
    db.session.add(user)
    db.session.commit()
    
    return jsonify(user.to_dict()), 201

@app.route('/api/login', methods=['POST'])
def login():
    data = request.get_json()
    user = User.query.filter_by(username=data['username']).first()
    
    if not user or not check_password_hash(user.password_hash, data['password']):
        return jsonify({'error': 'Invalid credentials'}), 401
    
    access_token = create_access_token(identity=user.id)
    return jsonify({'access_token': access_token}), 200

# Posts
@app.route('/api/posts', methods=['GET'])
def get_posts():
    posts = Post.query.order_by(Post.created_at.desc()).all()
    return jsonify([post.to_dict() for post in posts]), 200

@app.route('/api/posts/', methods=['GET'])
def get_post(post_id):
    post = Post.query.get_or_404(post_id)
    return jsonify(post.to_dict()), 200

@app.route('/api/posts', methods=['POST'])
@jwt_required()
def create_post():
    user_id = get_jwt_identity()
    data = request.get_json()
    
    post = Post(
        title=data['title'],
        content=data['content'],
        user_id=user_id
    )
    db.session.add(post)
    db.session.commit()
    
    return jsonify(post.to_dict()), 201

@app.route('/api/posts/', methods=['PUT'])
@jwt_required()
def update_post(post_id):
    user_id = get_jwt_identity()
    post = Post.query.get_or_404(post_id)
    
    if post.user_id != user_id:
        return jsonify({'error': 'Unauthorized'}), 403
    
    data = request.get_json()
    post.title = data.get('title', post.title)
    post.content = data.get('content', post.content)
    db.session.commit()
    
    return jsonify(post.to_dict()), 200

@app.route('/api/posts/', methods=['DELETE'])
@jwt_required()
def delete_post(post_id):
    user_id = get_jwt_identity()
    post = Post.query.get_or_404(post_id)
    
    if post.user_id != user_id:
        return jsonify({'error': 'Unauthorized'}), 403
    
    db.session.delete(post)
    db.session.commit()
    
    return '', 204

# Error handlers
@app.errorhandler(404)
def not_found(error):
    return jsonify({'error': 'Not found'}), 404

@app.errorhandler(500)
def internal_error(error):
    return jsonify({'error': 'Internal server error'}), 500

if __name__ == '__main__':
    with app.app_context():
        db.create_all()
    app.run(debug=True)

Feature Comparison

Feature Django Flask
Learning Curve Steeper (more to learn) Gentle (minimal core)
Project Size Medium to Large Small to Medium
Admin Interface Built-in, powerful Flask-Admin (extension)
ORM Django ORM (built-in) SQLAlchemy (extension)
Authentication Built-in, comprehensive Extensions needed
Flexibility Opinionated structure Highly flexible
Async Support Yes (Django 3.0+) Yes (with extensions)
Best For Full applications, CMS APIs, microservices

When to Choose Django

  • Building a full-featured web application
  • Need admin interface out of the box
  • Want comprehensive authentication/authorization
  • Prefer convention over configuration
  • Building content-heavy sites
  • Need rapid development with proven patterns

When to Choose Flask

  • Building RESTful APIs
  • Creating microservices
  • Need maximum flexibility
  • Want to choose your own components
  • Building prototypes quickly
  • Learning web development

Modern Python Web Development Tools

FastAPI – The New Contender

from fastapi import FastAPI, HTTPException
from pydantic import BaseModel
from typing import List

app = FastAPI()

class Post(BaseModel):
    id: int
    title: str
    content: str

posts_db = []

@app.get("/posts", response_model=List[Post])
async def get_posts():
    return posts_db

@app.post("/posts", response_model=Post, status_code=201)
async def create_post(post: Post):
    posts_db.append(post)
    return post

# Automatic API documentation at /docs

Popular Extensions

  • Django REST Framework – Building APIs with Django
  • Celery – Asynchronous task queue
  • pytest – Testing framework
  • Gunicorn – Production WSGI server
  • WhiteNoise – Static file serving
  • Redis – Caching and sessions

Deployment Best Practices

Using Docker

# Dockerfile
FROM python:3.11-slim

WORKDIR /app

COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

COPY . .

EXPOSE 8000

CMD ["gunicorn", "--bind", "0.0.0.0:8000", "myproject.wsgi:application"]

Environment Configuration

# .env
DEBUG=False
SECRET_KEY=your-secret-key
DATABASE_URL=postgresql://user:pass@localhost/dbname
ALLOWED_HOSTS=yourdomain.com,www.yourdomain.com

# settings.py (Django)
import os
from pathlib import Path

DEBUG = os.getenv('DEBUG', 'False') == 'True'
SECRET_KEY = os.getenv('SECRET_KEY')
ALLOWED_HOSTS = os.getenv('ALLOWED_HOSTS', '').split(',')

Testing

Django Tests

# blog/tests.py
from django.test import TestCase
from django.contrib.auth.models import User
from .models import Post

class PostModelTest(TestCase):
    def setUp(self):
        self.user = User.objects.create_user(
            username='testuser',
            password='testpass123'
        )
        self.post = Post.objects.create(
            title='Test Post',
            content='Test content',
            author=self.user
        )
    
    def test_post_creation(self):
        self.assertEqual(self.post.title, 'Test Post')
        self.assertEqual(self.post.author, self.user)
    
    def test_post_str(self):
        self.assertEqual(str(self.post), 'Test Post')

Flask Tests

# test_app.py
import pytest
from app import app, db
from models import User, Post

@pytest.fixture
def client():
    app.config['TESTING'] = True
    app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///:memory:'
    
    with app.test_client() as client:
        with app.app_context():
            db.create_all()
        yield client
        with app.app_context():
            db.drop_all()

def test_get_posts(client):
    response = client.get('/api/posts')
    assert response.status_code == 200
    assert isinstance(response.json, list)

Performance Optimization

  • Database Query Optimization – Use select_related() and prefetch_related()
  • Caching – Redis, Memcached for frequently accessed data
  • Database Indexing – Index frequently queried fields
  • Async Views – For I/O-bound operations
  • Static Files – Use CDN for static assets
  • Connection Pooling – Reuse database connections

Conclusion

Both Django and Flask are excellent frameworks with different philosophies. Django’s “batteries included” approach accelerates development of full-featured applications, while Flask’s minimalism provides flexibility for specialized use cases. Choose based on project requirements, team expertise, and long-term maintenance considerations.

For most web applications, Django is the safer bet. For APIs and microservices, Flask or FastAPI might be better choices. Regardless of your choice, Python’s web development ecosystem provides robust tools for building modern, scalable applications.

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top