To exclude form verification, for example, if you want to call a Model method in the controller, transfer it to one of the parameters in this method, for example, $ city_id is actually the $ city_id, that is, it can be an int or an array. So where are the $ city_id POST at this time...
Exclude Form Verification
For exampleModel
, Then pass to one of the parameters in this method, such$city_id
Actually, this$city_id
That is, it can beint
It can also bearray
In this case, POST$city_id
Generally, the verification is conducted.
If the model verification is performed, it is difficult to tune the model once more.
However, if the model is verified by the Controller, I think it is better to validate the model once, in case other people call my own method and directly query the data without checking the controller. In this case, the controller and the model perform the same verification on the data twice.
So I would like to ask you how to deal with the most common encoding process?
Reply content:
Exclude Form Verification
For exampleModel
, Then pass to one of the parameters in this method, such$city_id
Actually, this$city_id
That is, it can beint
It can also bearray
In this case, POST$city_id
Generally, the verification is conducted.
If the model verification is performed, it is difficult to tune the model once more.
However, if the model is verified by the Controller, I think it is better to validate the model once, in case other people call my own method and directly query the data without checking the controller. In this case, the controller and the model perform the same verification on the data twice.
So I would like to ask you how to deal with the most common encoding process?
I usually filter the read/write information of the database. As follows:
User_modelpublic function get_user_name ($ uid) {$ uid = intval ($ uid); // check if (! $ Uid) {return FALSE;} esle {.... // database query operation} controllerpublic function user () {$ uid = $ _ GET ['id]; if (! M ('user _ model')-> get_user_name ($ uid) {return FALSE;} // subsequent operations}
If there is a built-in filtering method for the Framework, the pdo mechanism is also quite high;
Check all data. Haha, It is required before database operations ~
If you think about it, it is more reasonable to filter the model.