ThinkPHP create method and automatic token verification: example tutorial
This article demonstrates the implementation of the create method and automatic token verification in ThinkPHP in the form of an example. The specific steps are as follows:
I. Data Table Structure
The user table structure is as follows:
id username password
II. View Template
The \aoli\Home\Tpl\default\User\create.html page is as follows:
<form action="__URL__/addit" method="post">
    <input type="text" name="id" />
    <input type="text" name="username" />
    <input type="password" name="password" />
    <input type="submit" name="sub" value="submit" />
</form>
III. Action
The \aoli\Home\Lib\Action.php page is as follows:
<?php
class UserAction extends Action {
    function create() {
        $this->display();
    }
    function addit() {
        // Add the form content to the user table
        $user = M('user');
        $user->create();
        $user->add();
        // Determine whether token verification passed
        if (!$user->autoCheckToken($_POST)) {
            dump('no');
        } else {
            dump('yes');
        }
    }
}
?>
1. Before performing operations on the data submitted by the form, we often need to manually create the required data, such as the form data submitted above:
// Instantiate the User model
$user = M('user');
// Obtain the form's POST data
$data['username'] = $_POST['username'];
$data['password'] = $_POST['password'];
// Write to the database
$user->data($data)->add();
Note: data objects created with the data method are not automatically verified or filtered; you must handle that yourself. If you only want to create a data object and do not need any of the additional functions, you can use the data method to create it.
2. ThinkPHP can help us quickly create data objects. The most typical application is to automatically create data objects based on form data. The data objects created by the create method are held in memory and are not actually written to the database.
// Instantiate the user model
$user = M('user');
// Create a data object from the POST data submitted by the form and keep it in memory; you can inspect it with dump($user)
$user->create();
// Write the created data object to the database
$user->add();
3. The create method also lets you create data objects from other sources, such as other data objects or arrays.
$data['name'] = 'thinkphp';
$data['email'] = 'thinkphp@gmail.com';
$user->create($data);
You can even create a new data object from an object. For example, you can create a new member data object from a user data object:
$user = M('user');
$user->find(1);
$member = M('member');
$member->create($user);
4. The create method also does some useful work while creating the data object, including token verification, automatic data verification, field type lookup, and automatic data completion.
For this reason, the token verification, automatic verification and automatic completion functions we are familiar with only take effect when the create method is used.
5. Token Verification:
Function: effectively prevents forms from being submitted remotely.
Add the following configuration to config.php:
'TOKEN_ON' => true, // whether to enable token verification
'TOKEN_NAME' => 'token', // name of the hidden form field used for token verification
'TOKEN_TYPE' => 'md5', // hash rule for token verification
Automatic token verification puts an md5-hashed string in the current SESSION and inserts the same string into the form as a hidden field. The string therefore appears in two places: once in the SESSION and once in the form. When the form is submitted, the first thing the server does is compare the submitted value with the SESSION value. If they match, the submission is allowed; otherwise it is rejected.
In the source code of create.html, an automatically generated hidden field is added before the closing form tag.
<input type="hidden" name="token" value="eef419c3d14c9c93caa7627eedaba4a5" />
(1) If you want to control the location of the hidden field yourself, you can manually add the {__TOKEN__} identifier on the form page. The system will automatically replace it when outputting the template.
(2) If form token verification is enabled but individual forms do not need it, you can add {__NOTOKEN__} on the form page, and the system will ignore token verification for the current form.
(3) If multiple forms exist on the page, we recommend that you add the {__TOKEN__} identifier and ensure that only one form requires token verification.
(4) If you use the create method to create a data object, form token verification is performed automatically at the same time. If you do not use this method, you need to manually call the autoCheckToken method of the model for form token verification.
if (!$user->autoCheckToken($_POST)) {
    // token verification error
}
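The session-and-hidden-field comparison described in this section, as a stand-alone added example (not ThinkPHP source and not code from the original article). The function names are hypothetical, an array stands in for $_SESSION, and the token is produced with random_bytes and compared with hash_equals rather than with the md5 rule from the configuration above.

```php
<?php
// Added illustration of the session/form token check; not ThinkPHP code.
// issueFormToken() and checkFormToken() are hypothetical names.

// Issue a fresh token, store it in the session, return the hidden field.
function issueFormToken(array &$session, string $field = 'token'): string
{
    $session[$field] = bin2hex(random_bytes(16));
    return '<input type="hidden" name="' . $field
         . '" value="' . $session[$field] . '" />';
}

// Compare the submitted token with the session copy. The session copy is
// discarded on every attempt, so one token authorises at most one submit.
function checkFormToken(array &$session, array $post, string $field = 'token'): bool
{
    $expected = $session[$field] ?? null;
    unset($session[$field]);
    $given = $post[$field] ?? null;
    if (!is_string($expected) || !is_string($given)) {
        return false;
    }
    // Constant-time comparison of the two copies of the string.
    return hash_equals($expected, $given);
}

// Constructed walk-through: $session stands in for $_SESSION.
$session = [];
$html = issueFormToken($session);
preg_match('/value="([0-9a-f]{32})"/', $html, $m);
$post = ['username' => 'demo', 'token' => $m[1]];

// First submit of the rendered form.
var_dump(checkFormToken($session, $post));
// Same form submitted again: the session copy is already gone.
var_dump(checkFormToken($session, $post));

// A request that carries no hidden field at all.
issueFormToken($session);
var_dump(checkFormToken($session, ['username' => 'demo']));

// A request whose hidden field does not match the session copy.
issueFormToken($session);
var_dump(checkFormToken($session, ['token' => str_repeat('0', 32)]));
```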
I hope the examples shown in this article will be helpful for ThinkPHP programming.
What is the use of the ThinkPHP create() method?
1. The create method can process the data submitted by POST (the data instance is automatically populated by matching the field names in the table against the names submitted by the form). For example, if the user table has a field named "username" and the form contains <input name="username" value="Xiao Ming">, then $User = M('user'); $data = $User->create(); echo $data['username']; outputs "Xiao Ming". You do not need to use $_POST['username'] to receive the value.
2. The create method can be used to verify the form token to prevent repeated submission of the form.
3. You can automatically verify the data, on the premise that you manually create a UserModel.class.php file in the Model folder and add verification rules to it.
protected $_validate = array(
    array('username', 'require', 'username required', 1),
);
4. You can assign values to fields automatically, on the premise that you manually create a UserModel.class.php file in the Model folder and add
protected $_auto = array(
    array('create_time', 'time', self::MODEL_INSERT, 'function'),
);
The user registration time is automatically assigned to the current time.
Appended: the source code of the create method:
/**
 * Create a data object but do not save it to the database
 * @access public
 * @param mixed $data create data
 * @param string $type status
 * @return mixed
 */
public function create($data = '', $type = '') {
    // If no value is passed, the POST data is used by default.
    if (empty($data)) {
        $data = $_POST;
    } elseif (is_object($data)) {
        $data = get_object_vars($data);
    }
    // Verify the data
    if (empty($data) || !is_array($data)) {
        $this->error = L('_DATA_TYPE_INVALID_');
        return false;
    }
    // Check field mapping
    $data = $this->parseFieldsMap($data, 0);
    // Status
    $type = $type ? $type : (!empty($data[$this->ge ......
ThinkPHP automatic verification returns the error message _TOKEN_ERROR_. What does it mean?
The new version of ThinkPHP provides the form token verification function, which offers security protection such as effectively preventing remote submission of forms.
Configuration parameters related to form token verification include:
'TOKEN_ON' => true, // whether to enable token verification
'TOKEN_NAME' => '__hash__', // name of the hidden form field used for token verification
'TOKEN_TYPE' => 'md5', // hash rule for the token; md5 by default
If the form token verification function is enabled, the system automatically generates a hidden field named TOKEN_NAME in template files that contain a form. Its value is a hash string generated in TOKEN_TYPE mode, which is used for automatic token verification of the form.
The automatically generated hidden field is placed before the closing form tag. If you want to control the position of the hidden field yourself, you can manually add the identifier on the form page. The system will automatically replace it when outputting the template.
If you do not need token verification for individual forms while form token verification is enabled, you can add {__NOTOKEN__} on the form page. The system will ignore the token verification of the current form.
If multiple forms exist on the page, we recommend that you add an identifier and ensure that only one form requires token verification.
The model class automatically performs form token verification when creating a data object. If you do not use the create method to create a data object, you need to manually call the autoCheckToken method of the model for form token verification. If false is returned, the form token verification failed. Example:
$User = M("User"); // instantiate the User object
// manually verify the token
if (!$User->autoCheckToken($_POST)) {
    // token verification error
}