Mayfish Data Inbound Validation Code (PHP tutorial)

Source: Internet
Author: User
It is common practice to validate data before it is written to the database, to avoid more serious security issues such as common SQL injection attacks.
Mayfish lets you flexibly define validation rules for the data that will be written, sparing the developer the hassle of manually validating each field.
An example follows:
First, define the database model:
<?php
class Membermodel extends Appmodel
{
    /** Set the database table name **/
    protected $tableName = "Members";

    /**
     * Data validation rules
     */
    protected $verify = array(
        array("Notempty", "username", "user name cannot be left blank"),
        array("HasOne", "username", "This user already exists, please change another user name and try again"),
        array("Notempty", "password", "Password cannot be left blank"),
        array("Notempty", "email", "email address cannot be left blank"),
        array("Isemail", "email", "email address format is incorrect"),
        array("HasOne", "email", "email address already occupied")
    );

    /**
     * Override the parent class's method for adding data to the database.
     * The user password is MD5-hashed before the parent method writes the data.
     */
    public function create($data) {
        $data = array_map("addslashes", $data); // Escape quote characters (single and double quotes) in the data
        $data["password"] = md5($data["password"]);
        return parent::create($data);
    }
}
?>

Second, perform the data write operation:
// Fragment (a method of the controller class) that writes the data ...
// Perform the database write
private function PostData() {
    $fields = array("username", "password", "email");
    $post = array_map("trim", $_POST); // Remove extra whitespace on both sides of each value
    $post = parsehtml($post, $fields); // Clean HTML out of the contents of the specified fields
    $data = parsefields($post, $fields); // Extract only the fields that may be written to the database (prevents someone from bypassing your page to submit extra, unintended data)
    $DB = & M("member");
    // Perform data validation
    if (!$DB->verify($data)) {
        // Validation failed: fetch the reason for the failure and pass it to the template page
        $this->assign("error", $DB->getverifyerror());
        // Pass the submitted data back to the template (so the user feels they never left the page)
        $this->assign("Default", $post);
        // Render the registration page template
        $this->display("/register.html");
    }
    else {
        // Write to the database
        $result = $DB->create($data);
        // A Boolean return value means the write failed; render the registration page template again
        if (is_bool($result)) {
            $this->assign("Default", $post);
            $this->display("/register.html");
        }
        else {
            // Registration succeeded; render the registration success page template
            $this->assign("username", $data["username"]);
            $this->display("/reg_success.html");
        }
    }
}

The available validation rules are:
Notempty: the value cannot be empty
Number: the value can only be an integer
Isemail: whether the e-mail address format is correct
HasOne: whether the value is unique (that is, whether a duplicate already exists)
Regex: a custom regular expression

The format of a validation rule is:
array(validation method, name of the field to validate, message shown on validation error)
For validation with a regular expression, the pattern goes in between:
array("Regex", "mobile", '/^13\d{9}$/', "User name cannot be left blank")
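
The create() override above relies on addslashes and MD5. As an added example (not Mayfish code and not from the original page), the same registration write is shown here with bound query parameters and password_hash, which keep the write safe even when a validation rule lets an unexpected value through. The createMember function name, the in-memory SQLite database, and the sample values are assumptions.

```php
<?php
// Added example, not Mayfish code. Table/column names follow the page's model;
// createMember() and the in-memory SQLite database are assumptions.

function createMember(PDO $pdo, array $data): int
{
    // Uniqueness check (what the page's "HasOne" rule covers), with bound parameters.
    $check = $pdo->prepare('SELECT COUNT(*) FROM members WHERE username = ? OR email = ?');
    $check->execute([$data['username'], $data['email']]);
    if ((int) $check->fetchColumn() > 0) {
        throw new DomainException('username or email already exists');
    }

    // Salted, adaptive password hash in place of bare MD5.
    $hash = password_hash($data['password'], PASSWORD_DEFAULT);

    // Values are sent separately from the SQL text, so no quote escaping is needed.
    $insert = $pdo->prepare(
        'INSERT INTO members (username, password, email) VALUES (:u, :p, :e)'
    );
    $insert->execute([':u' => $data['username'], ':p' => $hash, ':e' => $data['email']]);
    return (int) $pdo->lastInsertId();
}

// Constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (id INTEGER PRIMARY KEY,
    username TEXT UNIQUE, password TEXT, email TEXT UNIQUE)');

$id = createMember($pdo, [
    'username' => "o'brien",   // the quote is stored verbatim, not as o\'brien
    'password' => 'correct horse battery',
    'email'    => 'obrien@example.com',
]);

$read = $pdo->prepare('SELECT username, password FROM members WHERE id = ?');
$read->execute([$id]);
$row = $read->fetch(PDO::FETCH_ASSOC);
var_dump($row['username'] === "o'brien");
var_dump(password_verify('correct horse battery', $row['password']));

try {   // a second registration with the same username is rejected
    createMember($pdo, ['username' => "o'brien", 'password' => 'x', 'email' => 'b@example.com']);
} catch (DomainException $e) {
    echo $e->getMessage(), "\n";
}
```

The UNIQUE constraints in the table definition back up the application-level check, so two simultaneous registrations cannot both pass it and insert the same name.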
