Home >Backend Development >PHP Tutorial >Safe usage of validator in Yii_PHP tutorial
When I started using yii, I didn’t quite understand the safe in the verification rules. I tested it today and I finally figured out the safe connotation. I always thought that safe means that the framework will filter the input content, such as SQL injection and other filters. In fact, it is not the case. The difference between safe or unsafe mainly lies in $model->attributes=$_POST['User']; This method of assignment is called Massive Assignment in Yii. When all attributes in the model are safe, all the values of $_POST['User'] submitted by the form can be assigned to $model->attributes. Then save and enter the database. But once there is an attribute that is not set to safe, such as username, when the username is modified and submitted, you will find that the value of the username is not updated because username is unsafe, so the new username cannot be added to Massive Assignment. The value is assigned to the model.
The following is the master’s explanation:
Safe attributes refer to attributes entered by the user and need to be verified. If an attribute appears in a validation rule, and the applicable scenario of the validation rule is consistent with the current scenario of the model, then the attribute is safe and can accept batch assignment. In Yii 1.1, the safeAttributes() function has been cancelled. All properties are declared safe through validation rules.
For details, please refer to: http://www.yiiframework.com/wiki/161/understanding-safe-validation-rules/