Data is normally validated before it is written to the database, which helps avoid more serious security problems (such as common SQL injection attacks).
Mayfish lets you define validation rules for the data being written, so developers do not have to validate every field by hand.
An example follows.
First, define the database module:
<?php
class Membermodel extends Appmodel
{
    /** Set the database table name **/
    protected $tableName = "Members";

    /**
     * Data validation rules
     */
    protected $verify = array(
        array("Notempty", "username", "user name cannot be left blank"),
        array("Hasone", "username", "This user already exists, please try again with another user name"),
        array("Notempty", "password", "Password cannot be left blank"),
        array("Notempty", "email", "email address cannot be left blank"),
        array("Isemail", "email", "incorrect email address format"),
        array("Hasone", "email", "email address already occupied")
    );

    /**
     * Override the parent class's method for adding data to storage:
     * hash the user's password with MD5, then call the parent class's method to write to the database
     */
    public function create($data) {
        $data = array_map("addslashes", $data); // Escape quote characters (single and double quotes) in the data
        $data["password"] = md5($data["password"]);
        return parent::create($data);
    }
}
?>
Second, perform the data write operation:
// Code fragment that writes the data ...
// Perform the data write operation
private function postData() {
    $fields = array("username", "password", "email");
    $post = array_map("trim", $_POST); // Strip extra whitespace from both ends of every value
    $post = parsehtml($post, $fields); // Run HTML cleanup on the contents of the specified fields
    $data = parsefields($post, $fields); // Extract only the fields that may be written to the database (prevents others from bypassing your page to submit unexpected data)
    $DB = &M("member");
    // Perform data validation
    if (!$DB->verify($data)) {
        // Validation failed: fetch the reason for the failure and pass it to the template page
        $this->assign("error", $DB->getverifyerror());
        // Pass the submitted data back to the template (so the user feels they never left the page)
        $this->assign("Default", $post);
        // Render the registration page template
        $this->display("/register.html");
    }
    else {
        // Write to the database
        $result = $DB->create($data);
        // A boolean return value means the write failed; render the registration page template
        if (is_bool($result)) {
            $this->assign("Default", $post);
            $this->display("/register.html");
        }
        else {
            // Registration succeeded; render the registration-success page template
            $this->assign("username", $data["username"]);
            $this->display("/reg_success.html");
        }
    }
}
The available validation rules are:
Notempty: the field cannot be empty
Number: the field can only be an integer
Isemail: the field must be a correctly formatted email address
Hasone: the value must be unique (checks whether it already exists)
Regex: custom regular expression
The format of a validation rule is:
array(validation method, name of the field to validate, message shown when validation fails)
For validation with a regular expression:
array("Regex", "mobile", '/^13\d{9}$/', "User name cannot be left blank")
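A hardened form of the write path shown above, as an added example that is not Mayfish code: addslashes() is not a reliable injection defence in every character set and MD5 is too fast for password storage, so this version uses bound PDO parameters and password_hash(). The createMember() helper, the members table layout and the in-memory SQLite database are assumptions made for the example.

```php
<?php
// Added example, not Mayfish code. createMember() is a hypothetical helper;
// the members table layout and the in-memory SQLite database are assumptions.
function createMember(PDO $db, array $input): int
{
    // Keep only the expected fields, as parsefields() does on the page.
    $fields = ["username", "password", "email"];
    $row = array_intersect_key($input, array_flip($fields));
    if (count($row) !== count($fields)) {
        throw new InvalidArgumentException("missing required field");
    }
    // Salted, adaptive hash in place of md5().
    $row["password"] = password_hash((string) $row["password"], PASSWORD_DEFAULT);
    // Bound parameters in place of addslashes(): values never become SQL text.
    $stmt = $db->prepare(
        "INSERT INTO members (username, password, email)
         VALUES (:username, :password, :email)"
    );
    $stmt->execute($row);
    return (int) $db->lastInsertId();
}

$db = new PDO("sqlite::memory:");
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// UNIQUE constraints back up the Hasone rule if two requests race.
$db->exec("CREATE TABLE members (
    id INTEGER PRIMARY KEY,
    username TEXT NOT NULL UNIQUE,
    password TEXT NOT NULL,
    email TEXT NOT NULL UNIQUE)");

// Constructed sample input: a quote in the name and an extra, unexpected field.
$post = ["username" => "o'brien", "password" => "correct horse",
         "email" => "ob@example.com", "is_admin" => "1"];
$id = createMember($db, $post);

$check = $db->prepare("SELECT username, password FROM members WHERE id = ?");
$check->execute([$id]);
$stored = $check->fetch(PDO::FETCH_ASSOC);
var_dump($stored["username"] === "o'brien");                      // name stored verbatim
var_dump(password_verify("correct horse", $stored["password"])); // hash verifies

try {
    createMember($db, $post); // same username and email again
} catch (PDOException $e) {
    echo "duplicate rejected by the database\n";
}
```

At login, compare the submitted password with password_verify() rather than re-hashing it and comparing strings.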