Mayfish database validation code

  • 2020-03-31 20:42:28
  • OfStack

In general, validating data before it is written to the database helps avoid serious security problems (such as common SQL injection attacks). Validation alone is not a complete defence against SQL injection, though; the write itself should still use parameterized queries.
Mayfish lets you define custom validation rules for the data being written, so developers do not have to validate each field by hand.
Here are some examples:
First, define the database module
 
<?php 
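/**
 * Model for the "members" table, with declarative validation rules.
 *
 * How $tableName and $verify are consumed is decided by AppModel, which is
 * not part of this listing.
 */
class MemberModel extends AppModel
{
    /** Table this model writes to. */
    protected $tableName = "members";

    /**
     * Validation rules, each written as
     * array(validation method, field name, error message).
     */
    protected $verify = array(
        array("NotEmpty", "username", " The username cannot be left blank "),
        array("hasOne", "username", " This user already exists, please try again with another user name "),
        array("NotEmpty", "password", " The password cannot be left blank "),
        array("NotEmpty", "email", " The email address cannot be left blank "),
        array("isEmail", "email", " Incorrect email address format "),
        array("hasOne", "email", " The email address has been occupied ")
    );

    /**
     * Prepare a new member record and pass it to AppModel::create().
     *
     * @param array $data Field => value pairs; must hold a non-empty string
     *                    under "password".
     * @return mixed The result of parent::create(), or false when no usable
     *               password was supplied or hashing failed (the calling
     *               code in this article treats a boolean as a failed write).
     */
    public function create($data)
    {
        // Never create an account without a usable password, even if the
        // caller skipped verify().
        if (!isset($data["password"]) || !is_string($data["password"]) || $data["password"] === "") {
            return false;
        }

        // Hash the raw password. Escaping it first would change the bytes
        // being hashed, and unsalted md5() is far too fast to resist offline
        // guessing. password_hash() needs PHP 5.5+; the login path must check
        // with password_verify(), and the column should hold up to 255
        // characters. Rows that still contain md5 digests need re-hashing.
        $hash = password_hash($data["password"], PASSWORD_DEFAULT);
        if (!is_string($hash)) {
            return false;
        }

        // Blank the slot (keeps the key order) so the clear-text password is
        // not run through the escaping below.
        $data["password"] = "";

        // NOTE(review): addslashes() is kept only because AppModel::create()
        // is not visible here. It is not charset-aware and is no substitute
        // for bound parameters; the model layer should use prepared
        // statements, after which this line should be dropped.
        $data = array_map("addslashes", $data);
        $data["password"] = $hash;

        return parent::create($data);
    }
}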
?> 

Perform data write operations
 
//Example of code that writes data...
//Store the submitted data in the database
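/**
 * Handle a submitted registration form.
 *
 * Cleans the POSTed values, validates them with the member model and creates
 * the account. Renders /register.html when validation or the write fails and
 * /reg_success.html when the account is created.
 */
private function PostData()
{
    // Only these fields are accepted from the form.
    $fields = array("username", "password", "email");

    // trims(), parseHTML() and parseFields() are helpers defined elsewhere.
    // Per the author: trims() removes surrounding whitespace, parseHTML()
    // cleans HTML out of the listed fields, and parseFields() keeps only the
    // listed fields so extra submitted values never reach the database.
    // NOTE(review): the password is trimmed too, so the login path has to
    // trim it the same way.
    $post = array_map("trims", $_POST);
    $post = parseHTML($post, $fields);
    $data = parseFields($post, $fields);

    // Values used to re-fill the form after a failure. The password is
    // removed so it is never written back into the rendered page.
    // NOTE(review): fields outside $fields are still passed through as
    // submitted; the template must escape everything it prints.
    $defaults = $post;
    if (is_array($defaults)) {
        unset($defaults["password"]);
    }

    // Plain assignment: objects are handles in PHP 5+, and "= &" on a
    // function result raises a notice unless M() returns by reference.
    $DB = M("member");

    // Validation failed: show the reason and re-render the form.
    if (!$DB->verify($data)) {
        $this->assign("error", $DB->getVerifyError());
        $this->assign("default", $defaults);
        $this->display("/register.html");
        return;
    }

    // Write to the database; a boolean result means the write failed.
    $result = $DB->create($data);
    if (is_bool($result)) {
        // NOTE(review): no error message is assigned on this path, so the
        // form is re-rendered without an explanation.
        $this->assign("default", $defaults);
        $this->display("/register.html");
        return;
    }

    // Registration succeeded.
    $this->assign("username", $data["username"]);
    $this->display("/reg_success.html");
}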

The available validation rules are:
NotEmpty: the value cannot be empty
Number: the value must be an integer
isEmail: the value must be a correctly formatted email address
hasOne: the value must be unique (it must not already exist)
Regex: the value must match a custom regular expression

The format of a validation rule is
array(validation method, field name to validate, validation error message)
A regular-expression rule takes the pattern as an extra element:
array("Regex", "mobile", '/^13\d{9}$/', "user name cannot be left blank")
