Before writing data to the database, you should first validate it to avoid serious security issues (such as common SQL injection attacks).
Mayfish lets you define custom validation rules for the data to be written, so developers do not have to validate each field by hand.
Example:
I. First, define the database module
The code is as follows:
    <?php
    class MemberModel extends AppModel
    {
        /** Set the database table name **/
        protected $tableName = "members";

        /**
         * Data verification rules
         */
        protected $verify = array(
            array("NotEmpty", "username", "user name cannot be blank"),
            array("hasOne", "username", "this user already exists. Please try again with another user name"),
            array("NotEmpty", "password", "password cannot be blank"),
            array("NotEmpty", "email", "email address cannot be left blank"),
            array("isEmail", "email", "Incorrect email address format"),
            array("hasOne", "email", "email address occupied")
        );

        /**
         * Override the parent class method for adding data to the database.
         * Hash the user password with md5 first, then call the parent class method to write the data to the database.
         * Note: md5 is a fast, unsalted hash, not encryption; PHP's password_hash() is the purpose-built alternative.
         */
        public function create($data) {
            // Escape quotation marks (single or double) in the data.
            // Note: addslashes() is not charset-aware; bound query parameters are the robust defence against SQL injection.
            $data = array_map("addslashes", $data);
            $data["password"] = md5($data["password"]);
            return parent::create($data);
        }
    }
    ?>
II. Write the data
The code is as follows:
    // Data-writing fragment...
    // Store the submitted data in the database
    private function PostData() {
        $fields = array("username", "password", "email");
        $post = array_map("trim", $_POST); // strip leading and trailing whitespace from every value
        $post = parseHTML($post, $fields); // strip HTML from the specified fields
        $data = parseFields($post, $fields); // keep only the fields that may be written to the database (prevents a client from submitting extra fields the form does not expect)
        $DB = &M("member");
        // Perform data verification
        if (!$DB->verify($data)) {
            // Verification failed. Retrieve the cause of the failure and pass it to the template page.
            $this->assign("error", $DB->getVerifyError());
            // Pass the submitted data back to the template (so the user feels they never left the page)
            $this->assign("default", $post);
            // Render the registration page template
            $this->display("/register.html");
        }
        else {
            // Write data to the database
            $result = $DB->create($data);
            // A Boolean return value means the write failed; render the registration page template again.
            if (is_bool($result)) {
                $this->assign("default", $post);
                $this->display("/register.html");
            }
            else {
                // Registration successful. Render the registration-success page template.
                $this->assign("username", $data["username"]);
                $this->display("/reg_success.html");
            }
        }
    }
The available verification rules are:
NotEmpty: cannot be blank
Number: can only be an integer
isEmail: whether the email address format is correct
hasOne: whether the value is unique (whether it is repeated, whether it already exists)
Regex: custom regular expression
The verification format is:
    array(verification method, verification field name, verification error message)
Verification with a regular expression:
    array("Regex", "mobile", '/^13\d{9}$/', "user name cannot be blank")
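To show how rule arrays in this format can be evaluated, here is an added stand-alone example; it is not Mayfish's own code and not from the original page. The function name verifyData(), the in-memory SQLite members table, the mobile error message and the sample input are assumptions constructed for illustration; hasOne binds the submitted value through a PDO prepared statement instead of relying on escaping.

```php
<?php
// Added illustration, not Mayfish source. verifyData() and the SQLite table are hypothetical.
function verifyData(array $rules, array $data, PDO $db, string $table): array
{
    $errors = array();
    foreach ($rules as $rule) {
        list($method, $field) = $rule;
        $message = end($rule);                 // the error message is always the last element
        if (isset($errors[$field])) continue;  // report only the first failure per field
        $value = isset($data[$field]) ? (string)$data[$field] : "";
        switch ($method) {
            case "NotEmpty": $ok = trim($value) !== ""; break;
            case "Number":   $ok = preg_match('/^-?\d+$/', $value) === 1; break;
            case "isEmail":  $ok = filter_var($value, FILTER_VALIDATE_EMAIL) !== false; break;
            case "Regex":    $ok = preg_match($rule[2], $value) === 1; break;
            case "hasOne":
                // $table and $field come from the developer-written rule array, never from the request;
                // the submitted value is passed as a bound parameter, so quotes in it are plain data.
                $stmt = $db->prepare("SELECT COUNT(*) FROM $table WHERE $field = ?");
                $stmt->execute(array($value));
                $ok = (int)$stmt->fetchColumn() === 0;
                break;
            default: $ok = false;              // unknown rule name: fail closed
        }
        if (!$ok) $errors[$field] = $message;
    }
    return $errors;
}

// Constructed sample data: one existing member in an in-memory SQLite database.
$db = new PDO("sqlite::memory:");
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE members (username TEXT, email TEXT, mobile TEXT)");
$db->exec("INSERT INTO members VALUES ('alice', 'alice@example.com', '13800000000')");

$rules = array(
    array("NotEmpty", "username", "user name cannot be blank"),
    array("hasOne", "username", "this user already exists"),
    array("isEmail", "email", "Incorrect email address format"),
    array("Regex", "mobile", '/^13\d{9}$/', "Incorrect mobile number format"),
);
// Constructed input: a user name containing quotes, a malformed email, a mobile number one digit short.
$input = array("username" => "alice' OR '1'='1", "email" => "bob@example", "mobile" => "1391234567");
print_r(verifyData($rules, $input, $db, "members"));
```

The returned array maps each failing field name to its rule's message, which is the shape a template needs to show per-field errors.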