New features of thinkphp v3.1 Development framework: field legality detection

Source: Internet
Author: User
Keywords Development framework new features thinkphp legality testing
Tags array configure create creating creating a data data security development

3.1 Increased the form submission of the field of legality detection, better protection of data security. This feature is an important part of the 3.1 security features.
The validation of form fields requires the creation method to be used to create a data object, in two ways:

Attribute definition

You can configure the Insertfields and Updatefields properties for the model to add and edit form settings, and when you create a data object using the creation method, properties that are not in the definition range are discarded directly, avoiding the form submitting illegal data.
The settings for the Insertfields and Updatefields properties take the form of strings (comma-separated multiple fields) or arrays, such as:

Class&http://www.aliyun.com/zixun/aggregation/37954.html ">NBSP;     Usermodel extends model{protected $insertFields = Array (' account ', ' Password ', ' nickname ', ' email '); Protected $updateFields = Array (' nickname ', ' email '); }

The fields you set should be the actual 6184.html ">" data table field, not affected by the field mappings.
When used, when we call the Create method, the Insertfields and Updatefields attributes are automatically recognized according to the commit type:

D (' User ')->create ();

When creating a data object using the Create method, when new user data is added, the fields that are outside of ' account ', ' Password ', ' nickname ', ' email ' are blocked, and the editor will screen ' nickname ', ' Email ' field.
The following are the same methods that are used in string definitions:

Class Usermodel extends model{protected $insertFields = ' account,password,nickname,email '; protected $updateFields = ' nickname,email '; }

Method call

If you do not want to define the Insertfields and Updatefields properties, or if you want to be able to invoke them dynamically, you can call the field method directly before calling the Create method, for example, the same effect as the example above:
When adding user data, use:

$User = M (' User '); $User->field (' Account,password,nickname,email ')->create (); $User->add ();

When updating user data, use:

$User = M (' User '); $User->field (' Nickname,email ')->create (); $User->where ($map)->save ();

The field here is also the actual data table segment. The field method can also use array methods.
After you use the field legality detection, you no longer need to worry about the user to inject illegal field data when submitting the form. Obviously the second way is more flexible, depending on the needs of the choice!

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.