Data is commonly validated before it is written to the database, to avoid more serious security problems such as common SQL injection attacks.
Mayfish lets you flexibly define validation rules for the data that will be written, which spares the developer from manually validating each field.
An example follows.
First, define the database model
The code is as follows:
<?php
class Membermodel extends Appmodel
{
    /** Set the database table name **/
    protected $tableName = "Members";

    /**
     * Data validation rules
     */
    protected $verify = array(
        array("Notempty", "username", "user name cannot be left blank"),
        array("HasOne", "username", "This user already exists, please change another user name and try again"),
        array("Notempty", "password", "Password cannot be left blank"),
        array("Notempty", "email", "email address cannot be left blank"),
        array("Isemail", "email", "email address format is incorrect"),
        array("HasOne", "email", "email address already occupied")
    );

    /**
     * Override the parent class's method for inserting data.
     * The user password is MD5-hashed before the parent method is called to write to the database.
     */
    public function create($data) {
        $data = array_map("addslashes", $data); // Escape quote characters (single and double quotes) in the data
        $data["password"] = md5($data["password"]);
        return parent::create($data);
    }
}
?>
Second, perform the data write operation
The code is as follows:
// Fragment that performs the write ...
// Perform the database insert
private function PostData() {
    $fields = array("username", "password", "email");
    $post = array_map("trim", $_POST); // Strip extra whitespace from both ends of each value
    $post = parsehtml($post, $fields); // Strip HTML from the contents of the specified fields
    $data = Parsefields($post, $fields); // Extract only the fields that may be written to the database (prevents others from bypassing your page to submit extra data)
    $DB = & M("member");
    // Perform data validation
    if (!$DB->verify($data)) {
        // Validation failed: fetch the reason for the failure and pass it to the template page
        $this->assign("error", $DB->getverifyerror());
        // Pass the submitted data back to the template (so that the user feels they never left the page)
        $this->assign("Default", $post);
        // Render the registration page template
        $this->display("/register.html");
    }
    else {
        // Write to the database
        $result = $DB->create($data);
        // A Boolean return value means the write failed; render the registration page template
        if (is_bool($result)) {
            $this->assign("Default", $post);
            $this->display("/register.html");
        }
        else {
            // Registration succeeded; render the registration success page template
            $this->assign("username", $data["username"]);
            $this->display("/reg_success.html");
        }
    }
}
The available validation rules are:
Notempty: cannot be empty
Number: can only be an integer
Isemail: whether the e-mail address format is correct
HasOne: whether the value is unique (whether it already exists)
Regex: custom regular expression
The format of a validation rule is:
array(validation method, field name to validate, message shown on validation error)
For validation against a regular expression:
array("Regex", "mobile", '/^13\d{9}$/', "User name cannot be left blank")
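The rule format above can be paired with bound parameters and a dedicated password hash, so that the safety of the write does not rest on addslashes and MD5. The following is an added example, not Mayfish's own code: the functions verify() and create() are hypothetical stand-ins written against PDO, and the in-memory SQLite table and the input rows are constructed for the demonstration.

```php
<?php
// Added example, not Mayfish code. Rule format: array(rule, field, [pattern,] message).
function verify(PDO $db, array $rules, array $data): ?string
{
    foreach ($rules as $rule) {
        [$name, $field] = $rule;
        $value = (string)($data[$field] ?? "");
        switch ($name) {
            case "Notempty": $ok = trim($value) !== ""; break;
            case "Number":   $ok = preg_match('/^-?\d+$/', $value) === 1; break;
            case "Isemail":  $ok = filter_var($value, FILTER_VALIDATE_EMAIL) !== false; break;
            case "Regex":    $ok = preg_match($rule[2], $value) === 1; break;
            case "HasOne":   // $field comes from the developer's rule list; the value is bound
                $stmt = $db->prepare("SELECT COUNT(*) FROM members WHERE $field = ?");
                $stmt->execute([$value]);
                $ok = (int)$stmt->fetchColumn() === 0;
                break;
            default: throw new InvalidArgumentException("unknown rule: $name");
        }
        if (!$ok) return end($rule);   // the message is always the last element
    }
    return null;                       // all rules passed
}

function create(PDO $db, array $data): void
{
    $stmt = $db->prepare("INSERT INTO members (username, password, email) VALUES (?, ?, ?)");
    $stmt->execute([$data["username"], password_hash($data["password"], PASSWORD_DEFAULT), $data["email"]]);
}

// Constructed demo data on an in-memory SQLite database (requires the pdo_sqlite extension).
$db = new PDO("sqlite::memory:");
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE members (username TEXT, password TEXT, email TEXT)");
$rules = [
    ["Notempty", "username", "user name cannot be left blank"],
    ["HasOne",   "username", "This user already exists"],
    ["Isemail",  "email",    "email address format is incorrect"],
];
$inputs = [
    ["username" => "alice", "password" => "s3cret-pw", "email" => "alice@example.com"],
    ["username" => "alice", "password" => "other-pw",  "email" => "a2@example.com"],       // duplicate name
    ["username" => "x' OR '1'='1", "password" => "pw", "email" => "quote@example.com"],    // quote-laden value
];
foreach ($inputs as $in) {
    $err = verify($db, $rules, $in);
    if ($err === null) { create($db, $in); }
    echo $in["username"], " => ", $err ?? "stored", "\n";
}
```

The quote-laden user name passes every rule in the list, which shows that these rules check shape and uniqueness rather than SQL safety; it is stored as a literal string only because the statement binds it as a parameter.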