Home >PHP Framework >ThinkPHP >Summary of tp framework development
Usage of capital letters
- A function is used to instantiate the controller
- Format: [resource://][module/]controllerA($name,$layer='',$level ='')
@param string $name 资源地址 @param string $layer 控制层名称 @param integer $level 控制器层次 @return Controller|false
##B executes a certain behavior B($name,$tag='',&$params=NULL)This is a new function that comes into being with the behavior. It can execute a certain behavior, such as B('app_begin');@param string $name 行为名称 @param string $tag 标签名称(行为类无需传入) @param Mixed $params传入的参数 @return void
It is to execute all the functions defined by this behavior before the project starts. It supports 2 Parameters, the second parameter supports the need to accept an array
For exampleB('app_begin',array("name"=>"tdweb","time"=>time()));
C Read and set configuration parameters C($name= null,$value=null,$default=null)Get the value:@paramstring|array $name 配置变量 @param mixed $value 配置值 @param mixed $default 默认值 @return mixed
Set the value:Get all settings: C(); does not pass any parameters, Returns an array containing all settings.
- Get the specified configuration: C('URL_MODEL') This way you can get the configuration information of URL_MODEL
- Get the specified two-dimensional array configuration: C("array.name") This way you can return the array The key under array is the value corresponding to name
Assign a value to the two-dimensional array C("array.name", "value"), the principle is the same as above (get the value of array.name), the following value is the value
- Batch assignment:
$test=array("URL_MODEL"=>1,"THIN_MODEL"=>true"); C($test); 这样直接将数组里的值赋值了Judge whether to assign value: C("?URL_MODEL")这样前边加个"?",如果已经赋值,则返回trueIt should be noted that, Although the configuration value is changed here, it is only changed on this page, and it will not work on the next page.If you want to change it permanently, you need to cooperate with the F function to write the configuration file into config. PHP will do.
The D function is used to instantiate the model class format [resource://][module/]model D($name='',$ layer='')@param string $name 资源地址 @param string $layer 模型层名称 @return ModelThe D function has two advantages:First, if this Model has been instantiated before, it will no longer be instantiated, saving resources;
- The second is to facilitate debugging. If this Model does not exist, a TP exception will be thrown, which is very user-friendly.
- If you want to access the Model of this project directly, D("Model name"); is fine. If you plan to access across projects, use D("Model name", "Project name");
EThrow exception handlingE($msg, $code=0)@param string $msg异常消息 @param integer $code 异常代码默认为0 @return void
F Fast file data reading and saving For simple type data strings and arrays F($name, $value='',$path=DATA_PATH)@param string $name 缓存名称 @param mixed $value 缓存值 @param string $path 缓存路径 @return mixed
G recording and statistical time (microseconds) and memory usageG($start,$end='',$dec=4)Usage method:G('begin'); // 记录开始标记位 // ... 区间运行代码 G('end'); // 记录结束标签位 echo G('begin','end',6); //统计区间运行时间精确到小数后6位 echo G('begin','end','m'); // 统计区间内存使用情况 如果end标记位没有定义,则会自动以当前作为标记位Among them, statistical memory usage is required MEMORY_LIMIT_ON is only valid when the constant is true@param string $start 开始标签 @param string $end 结束标签 @paraminteger|string $dec小数位或者m @return mixed
I obtain input parameters support filtering and default valuesI($name,$default='',$filter=null)Usage method:I('id',0); //获取id参数自动判断get或者post I('post.name','','htmlspecialchar s'); //获取$_POST['name'] I('get.'); //获取$_GET
L() gets and sets the language definition (not case sensitive)L($name=null,$value=null)@paramstring|array $name 语言变量 @param mixed $value 语言值或者变量 @return mixedLanguage definition function, L("intro") gets the language defined as intro, l("intro" , "Introduction") Assign a value to intro
M function is used to instantiate a Model without a model fileM($name='',$tablePrefix='',$connection='')@param string $name Model名称支持指定基础模型例如MongoModel:User @param string $tablePrefix表前缀 @param mixed $connection 数据库连接信息 @return Model
NSet and get statistical dataN($key,$step=0,$save=false)Usage method:N('db',1); // 记录数据库操作次数 N('read',1); // 记录读取次数 echo N('db'); // 获取当前页面数据库的所有操作次数 echo N('read'); // 获取当前页面读取次数@param string $key 标识位置 @param integer $step 步进值 @return mixed
R($url,$vars=array(),$layer='')@param string $url调用地址 @paramstring|array $vars调用参数支持字符串和数组 @param string $layer 要调用的控制层名称 @return mixed
T($template='',$layer='')@param string $name 模版资源地址 @param string $layer 视图层(目录)名称 @return string
U($url='',$vars='',$suffix=true,$domain=false)@param string $url URL表达式,格式:'[模块/控制器/操作#锚点@域名]?参数1=值1&参数2=值2...' @paramstring|array $vars传入的参数,支持数组和字符串 @param string $suffix 伪静态后缀,默认为true表示获取配置值 @paramboolean $domain 是否显示域名 @return stringUsage:
跨项目访问:
U("appname://Other/otherMethod");使用路由访问:
U("appName://routeName@moduleName/actionName?params");另外,如果想直接跳转,那么就在第二个参数写1
U("/nowMethod",1)这样就直接调转到指定URL了
W渲染输出Widget
W($name,$data=array())@param string $name Widget名称 @param array $data 传入的参数 @return void
S缓存管理
S($name,$value='',$options=null)@param mixed $name 缓存名称,如果为数组表示进行缓存设置 @param mixed $value 缓存值 @param mixed $options 缓存参数 @return mixed
当网站不涉及复杂的用户交互时,可以对用户所有提交的文本进行htmlspecialchars函数处理。
例子
M('Member')->save(array('content'=>I('post.content')));
- cookie的信息一但被别人通过XSS攻击获取后也一样等同于把自己的帐号密码给了别人。
- 对cookie进行IP绑定,(当然也可以获取用户客户端更多的其它信息进行同时绑定)可以根据用户的IP来判断这个cookie是不是来原始授权用户。
示例
$auto=I('post.auto');//用户设置了自动登录 if(!empty($auto)){ cookie('auto',encrypt(serialize($data)));//将登录信息保存到cookie,其中$data里含有加密后的帐号,密码,和用户的IP,这里的cookie已在全局中设置过期日期为一周 }
if (!is_login()) {//是否未登录状态? $auth=cookie('auto'); if(!empty($auth)){//是否未有自动登录cookie? $data=unserialize(decrypt($auth)); if(!empty($data) && !empty($data['username']) && !empty($data['password']) && !empty($data['last_login_ip'])){ $user=M('Member')->where(array('username'=>$data['username'],'password'=>$data['password']))->find(); if(!empty($user['id'])&&($user['last_login_ip']==get_client_ip())){//cookie帐号密码是否有效?//IP来源是否相同? login_session($user['id'], $user['username'], $data['last_login_ip']);//用户自动登录成功 } } } }
- 优点:大多数场景下可使被XSS攻击盗取的cookie失效。
- 缺点:由于IP存在多台电脑共用的可能,对绑定做不到十分精细
可以保证cookie只在http请求中被传输,而不被页面中的脚本获取,现市面上绝大多数浏览器已经支持。
<iframe src="http://alibaba.com" sandbox>
为iframe的增加的sandbox属性,可以防止不信任的Web页面执行某些操作.相信这个方法以后会被广泛使用。
The above is the detailed content of Summary of tp framework development. For more information, please follow other related articles on the PHP Chinese website!