New features of thinkphp v3.1 Development framework: field legality detection

3.1 Increased the form submission of the field of legality detection, better protection of data security. This feature is an important part of the 3.1 security features.
The validation of form fields requires the creation method to be used to create a data object, in two ways:

Attribute definition

You can configure the Insertfields and Updatefields properties for the model to add and edit form settings, and when you create a data object using the creation method, properties that are not in the definition range are discarded directly, avoiding the form submitting illegal data.
The settings for the Insertfields and Updatefields properties take the form of strings (comma-separated multiple fields) or arrays, such as:

Class&http://www.aliyun.com/zixun/aggregation/37954.html ">NBSP;     Usermodel extends model{protected $insertFields = Array (' account ', ' Password ', ' nickname ', ' email '); Protected $updateFields = Array (' nickname ', ' email '); }

The fields you set should be the actual 6184.html ">" data table field, not affected by the field mappings.
When used, when we call the Create method, the Insertfields and Updatefields attributes are automatically recognized according to the commit type:

D (' User ')->create ();

When creating a data object using the Create method, when new user data is added, the fields that are outside of ' account ', ' Password ', ' nickname ', ' email ' are blocked, and the editor will screen ' nickname ', ' Email ' field.
The following are the same methods that are used in string definitions:

Class Usermodel extends model{protected $insertFields = ' account,password,nickname,email '; protected $updateFields = ' nickname,email '; }

Method call

If you do not want to define the Insertfields and Updatefields properties, or if you want to be able to invoke them dynamically, you can call the field method directly before calling the Create method, for example, the same effect as the example above:
When adding user data, use:

$User = M (' User '); $User->field (' Account,password,nickname,email ')->create (); $User->add ();

When updating user data, use:

$User = M (' User '); $User->field (' Nickname,email ')->create (); $User->where ($map)->save ();

The field here is also the actual data table segment. The field method can also use array methods.
After you use the field legality detection, you no longer need to worry about the user to inject illegal field data when submitting the form. Obviously the second way is more flexible, depending on the needs of the choice!