This article mainly introduces the create method in ThinkPHP and the implementation method of automatic token verification, which has a very important purpose, for more information about how to implement the create method and automatic token verification in ThinkPHP, follow these steps:
I. Data table structure
The user table structure is as follows:
Id username password
II. view template
The \ aoli \ Home \ Tpl \ default \ User \ create.html page is as follows:
III. action:
The \ aoli \ Home \ Lib \ Action. php page is as follows:
<? Php class UserAction extends Action {function create () {$ this-> display ();} function addit () {// add the form content to the table user $ user = M ('user'); $ user-> create (); $ user-> add (); // Determine whether token verification if (! $ User-> autoCheckToken ($ _ POST) {dump ('no');} else {dump ('yes') ;}}?>
1. before performing operations on the data submitted by the form, we often need to manually create the required data, such as the form data submitted above:
// Instantiate the User model $ user = M ('user '); // Obtain the form's POST data $ data ['username'] = $ _ POST ['username'] $ data ['password'] = $ _ POST ['password']/ /write to database $ user-> data ($ data) -> add ();
Note: data objects created using the data method will not be automatically verified and filtered. they must be processed by themselves. if you just want to create a data object and do not need to complete some additional functions, you can use the data method to create a data object.
2. ThinkPHP can help us quickly create data objects. The most typical application is to automatically create data objects based on form data. The data objects created by the create method are stored in the memory and are not actually written to the database.
// Instantiate the user model $ user = M ('user'); // create a data object based on the POST data submitted by the form and save it in the memory. you can use dump ($ user) view $ user = create (); // write the created data object to the database $ user-> add ();
3. the create method allows you to create data objects from other methods, such as other data objects or arrays.
$ Data ['name'] = 'thinkphp'; $ data ['eamil '] = 'thinkphp @ gmail.com'; $ user-> create ($ data ); you can even create new data objects from an object. for example, you can create a new member data object $ user = M ('user') from a user data object '); $ user-> find (1); $ member = M ('member'); $ member-> create ($ user );
4. the create method also makes some meaningful work while creating data objects, including token verification, automatic data verification, field type search, and automatic data completion.
Because, we are familiar with the token verification, automatic verification and automatic completion functions, in fact, they must use the create method to take effect.
5. token verification:
Function: effectively prevents forms from being submitted remotely.
Add the following configuration to config. php:
'Token _ on' => true, // whether to enable TOKEN verification 'token _ name' => 'token ', // The hidden field name 'token _ type' => 'md5' in the form for TOKEN verification. // The hash rule for TOKEN verification
The automatic token will put an md5 encrypted string in the current SESSION. And insert the string in the form of hidden fields before the form. This string appears in two places, one in the SESSION and the other in the form. After you submit a form, the first thing on the server is to compare the SESSION information. if the SESSION information is correct, you are allowed to submit the form. Otherwise, you are not allowed to submit the form.
In the source code of create.html, an automatically generated hidden field is added before the form end mark.
(1) If you want to control the location of hidden fields, you can manually add an identifier to the form page. The system will automatically replace the field when outputting the template.
(2) If form token verification is enabled, some forms do not require token verification.
Function, you can add {__notoken __} on the form page, the system will ignore the token verification of the current form.
(3) If there are multiple forms on the page, it is recommended to add an identifier and ensure that only one form requires token verification.
(4) If you use the create method to create a data object, form verification is automatically performed at the same time. if you do not use this method, you need to manually call the autoCheckToken method of the model for form verification.
If (! $ User-> autoCheckToken ($ _ POST) {// token verification error}
I hope the examples shown in this article will be helpful for ThinkPHP programming.