Home >Backend Development >PHP Tutorial >ThinkPHP form automatic verification application, thinkphp form verification_PHP tutorial
Using TP 3.2 framework
public function add_post(){ //验证规则 $rule=array( array('name','require','请输入姓名',1),//必须验证name ); $m=M('user'); //获取name,sex,contact数据到模型,并验证 if(!$m->field('name,sex,contact')->validate($rule)->create()) $this->error($m->getError()); $result=$m->add(); if(!$result) $this->error('添加失败'); $this->success('添加成功',U('dir')); }
Validation rules can also be written into the model, but I find it a bit troublesome. First, sometimes different pages have different verification methods. Second, when you see the code in the add_post event, you will know what data to receive and how. The verification data can give you a general understanding at first glance, so this method is summarized.
The new version of ThinkPHP has a built-in form token verification function, which can effectively prevent remote submission of forms and other security protections.
Configuration parameters related to form token verification are: 'TOKEN_ON'=>true, // Whether to enable token verification 'TOKEN_NAME'=>'__hash__', // Form hidden fields for token verification Name 'TOKEN_TYPE'=>'md5', //The default token hash verification rule is MD5. If the form token verification function is turned on, the system will automatically generate a hidden field named TOKEN_NAME in the template file with the form. , its value is a hash string generated in TOKEN_TYPE mode, used to implement automatic token verification of the form. The automatically generated hidden field is located before the form end mark. If you want to control the position of the hidden field, you can manually add the mark on the form page, and the system will automatically replace it when outputting the template. If form token verification is turned on and individual forms do not need to use the token verification function, you can add {__NOTOKEN__} to the form page, and the system will ignore the token verification of the current form. If there are multiple forms on the page, it is recommended to add identification and ensure that only one form requires token verification. The model class will automatically perform form token verification when creating the data object. If you do not use the create method to create the data object, you need to manually call the autoCheckToken method of the model to perform form token verification. If false is returned, it indicates a form token validation error. For example: $User = M("User"); // Instantiate User object // Manual token verification if (!$User->autoCheckToken($_POST)){// Token verification error
Let me show you an example I wrote:
//Form validation
protected $_validate=array(
//array('validation field','validation rule','error prompt', Verification conditions, additional rules, verification time)
array('uname','require','Username must be verified!',1,'regex',3),
//array('username', '','The username already exists',1,'unique',1),
array('pwd','require','The password must be filled in!'),
array('pwd ','checkPwd','Password length is not less than 6 characters',1,'callback'),
);
function checkPwd(){
$password=$_POST['pwd '];
if(strlen($password)>=6){
return true;
}else {
return false;
}
}
// Form mapping
protected $_map=array(
'uname'=>'username',
'pwd'=>'password',
);
//Autocomplete function
protected $_auto=array(
//array(fill field, fill content, fill condition, additional rules) Fill condition: 1, insert 2, update 3, all
array('reg_date', 'getDate',1,'callback'),
array('password','md5',3,'function'),
);
function getDate(){
return date( 'Y-m-d H:i:s');
}