Data is normally validated before it is written to the database, which helps avoid serious security problems (such as common SQL injection attacks).
mayfish lets you flexibly define validation rules for the data to be written, which spares developers from validating each field by hand.
An example follows:
1. First define the database module
<?php
class MemberModel extends AppModel
{
    /** Set the database table name */
    protected $tableName = "members";

    /**
     * Data validation rules
     */
    protected $verify = array(
        array("NotEmpty", "username", "Username cannot be left blank"),
        array("hasOne", "username", "This user already exists, please try again with another user name"),
        array("NotEmpty", "password", "Password cannot be left blank"),
        array("NotEmpty", "email", "Email address cannot be left blank"),
        array("isEmail", "email", "The email address format is incorrect"),
        array("hasOne", "email", "The email address has been occupied")
    );

    /**
     * Override the parent class method that adds data to the database.
     * First hash the user password with md5, then call the parent class method to write it to the database.
     */
    public function create($data) {
        // Escape the quote characters (single and double quotes) in the data.
        // addslashes() only backslash-escapes and is not aware of the connection character set;
        // bound query parameters are more robust where the database layer offers them.
        $data = array_map("addslashes", $data);
        // md5 is a fast, unsalted hash; PHP's password_hash() is designed for password storage.
        $data["password"] = md5($data["password"]);
        return parent::create($data);
    }
}
?>
2. Perform data writing operation
// Fragment that performs the data write...
// Store the submitted data
private function PostData() {
    $fields = array("username", "password", "email");
    $post = array_map("trims", $_POST);   // Strip extra whitespace from both ends of every value
    $post = parseHTML($post, $fields);    // Process HTML in the content of the specified fields
    // Keep only the fields that may be written to the database
    // (prevents someone from bypassing your page to submit extra, malicious fields)
    $data = parseFields($post, $fields);
    $DB = & M("member");
    // Perform data verification
    if (!$DB->verify($data)) {
        // If verification fails, fetch the reason for the failure and pass it to the template page
        $this->assign("error", $DB->getVerifyError());
        // Pass the submitted data to the template as well (so the user feels they never left the page)
        $this->assign("default", $post);
        // Render the registration page template
        $this->display("/register.html");
    }
    else {
        // Write to the database
        $result = $DB->create($data);
        // A Boolean return value means the write failed; render the registration page template
        if (is_bool($result)) {
            $this->assign("default", $post);
            $this->display("/register.html");
        }
        else {
            // Registration succeeded; render the registration success page template
            $this->assign("username", $data["username"]);
            $this->display("/reg_success.html");
        }
    }
}
The available verification rules include:
NotEmpty: cannot be empty
Number: can only be an integer
isEmail: whether the email address is correctly formatted
hasOne: whether the value is unique (not repeated or already existing)
Regex: custom regular expression
The format of a verification rule is:
array(verification method, field name to verify, verification error message)
For regular expression verification, the format is:
array("Regex", "mobile", '/^13\d{9}$/', "Username cannot be left blank")
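One way to interpret the rule format described above, as an added example that is not mayfish's own code: verifyRules(), isUnique(), the in-memory SQLite table and the sample input are all assumptions made for illustration. The hasOne check binds the value as a query parameter instead of relying on addslashes.

```php
<?php
// Added example: verifyRules() and isUnique() are hypothetical helpers, not mayfish code.
// Assumes PHP 8 (match expression) with the pdo_sqlite extension enabled.
function isUnique(PDO $db, string $table, string $field, string $value): bool
{
    // $table and $field come from the rule list, never from the request;
    // the value is bound as a parameter, not escaped into the SQL string.
    $stmt = $db->prepare("SELECT COUNT(*) FROM $table WHERE $field = ?");
    $stmt->execute([$value]);
    return (int) $stmt->fetchColumn() === 0;
}

function verifyRules(array $rules, array $data, PDO $db, string $table): array
{
    $errors = [];
    foreach ($rules as $rule) {
        [$method, $field] = $rule;
        $raw = $data[$field] ?? "";
        $value = is_scalar($raw) ? (string) $raw : "";  // array inputs (field[]=x) count as empty
        if (isset($errors[$field])) {
            continue;                                   // keep the first failure per field
        }
        $ok = match ($method) {
            "NotEmpty" => trim($value) !== "",
            "Number"   => preg_match('/^-?\d+\z/', $value) === 1,
            "isEmail"  => filter_var($value, FILTER_VALIDATE_EMAIL) !== false,
            "Regex"    => preg_match($rule[2], $value) === 1,
            "hasOne"   => isUnique($db, $table, $field, $value),
            default    => false,                        // unknown rule name: fail closed
        };
        if (!$ok) {
            $errors[$field] = end($rule);               // the message is always the last element
        }
    }
    return $errors;
}

// Constructed sample data in an in-memory SQLite table.
$db = new PDO("sqlite::memory:");
$db->exec("CREATE TABLE members (username TEXT, email TEXT)");
$db->exec("INSERT INTO members VALUES ('alice', 'alice@example.com')");
$rules = array(
    array("NotEmpty", "username", "Username cannot be left blank"),
    array("hasOne", "username", "This user already exists"),
    array("isEmail", "email", "The email address format is incorrect"),
    array("Regex", "mobile", '/^13\d{9}$/', "The mobile number format is incorrect"),
);
$input = array("username" => "alice", "email" => "not-an-email", "mobile" => "13912345678");
print_r(verifyRules($rules, $input, $db, "members"));
```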