Data Validation
- 2018-07-13 09:30:55
- tengfei
- Last edited by tengfei on 2019-09-16 14:11:48
Data validation is particularly important in web applications. Let's introduce the data validation mechanism in zentaoPHP.
1. Location of data validation
In MVC programs, validation rules can be put on any layer. For example, form validation automatically verifies the data that a user entered and then gives tips. So which layer should data validation be on? There is a lot of controversy. Some put it mainly on the view layer, while others advocate putting it on the control layer. zentaoPHP puts it on the model layer. Why?
The model layer is the bottom layer, and all data must be processed through the model. As long as the data is validated at this layer, the accuracy and safety of the data can be ensured. Users can also add JS validation at the front end, which will not conflict with the validation on the model layer. Let's take a look at how to use the zentaoPHP data filter mechanism.
2. Note
Inspired by the filter mechanism in PHP, the data filter in zentaoPHP is divided into two parts: data correction and data validation. First, correct the data passed from the client, then validate the data.
The validation class is defined in lib/filter/filter.class.php.
3. Data Correction
Look at the code below.
    $bug = fixer::input('post')
        ->add('openedBy', $this->app->user->account)
        ->add('openedDate', $now)
        ->setDefault('project,story,task', 0)
        ->setDefault('openedBuild', '')
        ->setIF($this->post->assignedTo != '', 'assignedDate', $now)
        ->setIF($this->post->story != false, 'storyVersion', $this->loadModel('story')->getVersion($this->post->story))
        ->specialChars('title,steps,keyword')
        ->cleanInt('product, module, severity')
        ->join('openedBuild', ',')
        ->remove('files, labels')
        ->get();

First, call the "input" method of the "fixer" class. The "post" parameter means to get the data from $_POST.
The next two add() lines add two variables to the data.
The two setDefault lines that follow set a default value for a variable if no value was passed for it.
Next are the two setIF lines. setIF has three parameters. The first one is the condition, and the other two are the key and the value. That is, when the condition is true, set $key = $value.
The following specialChars applies htmlspecialchars to the three fields; cleanInt makes the variables int, and join connects the openedBuild values.
Then remove the two unnecessary variables.
Finally, get() returns the set of corrected data. The collection is ready to be put into the database.
Let's look at how the data is validated.
4. Data Validation
    $this->dao->insert(TABLE_BUG)->data($bug)
        ->autoCheck()
        ->batchCheck('id, name', 'notempty')
        ->exec();

This SQL insert statement passes the corrected data to the DAO object through the data method and automatically checks it through autoCheck(). autoCheck checks the data according to the type and length of the fields in the database. If the type or the length is incorrect, the error is automatically recorded. Then the batchCheck() method is invoked to do null value validation on the fields.
A single field can be validated through check(). There are other validation rules, such as notempty, unique, email, account and so on.
5. getError
If there is no error in the data validation, the exec() method inserts the data into the database.
What if there is a mistake? exec() will not execute anything, but the error will be recorded in the error log. You can check whether there was a mistake in the control layer.
if(dao::isError()) die(js::error(dao::getError()));
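The flow in sections 3 to 5, reduced to a self-contained sketch (an added example, not zentaoPHP's own code). MiniFixer and MiniDao are hypothetical stand-ins that implement only setDefault, specialChars, cleanInt (assumed here to be a plain int cast) and a not-empty check, and the $post array is constructed sample input.

```php
<?php
// Added example: MiniFixer and MiniDao are hypothetical stand-ins, not zentaoPHP classes.
final class MiniFixer {
    private array $data;
    public function __construct(array $input) { $this->data = $input; }
    private static function fields(string $list): array { return array_map('trim', explode(',', $list)); }
    private function apply(string $list, callable $fn): self {
        foreach (self::fields($list) as $f) {
            if (isset($this->data[$f])) $this->data[$f] = $fn($this->data[$f]);
        }
        return $this;
    }
    public function setDefault(string $list, $value): self {
        foreach (self::fields($list) as $f) $this->data[$f] = $this->data[$f] ?? $value;
        return $this;
    }
    // HTML-encode so the stored text cannot inject markup when echoed.
    public function specialChars(string $list): self {
        return $this->apply($list, fn($v) => htmlspecialchars((string)$v, ENT_QUOTES, 'UTF-8'));
    }
    // Assumption: modelled as a plain int cast, so trailing junk is dropped.
    public function cleanInt(string $list): self {
        return $this->apply($list, fn($v) => (int)$v);
    }
    public function get(): array { return $this->data; }
}
final class MiniDao {
    private array $row = [];
    public array $errors = [];
    public array $stored = [];   // stands in for the database table
    public function data(array $row): self { $this->row = $row; return $this; }
    public function notEmpty(string $list): self {
        foreach (array_map('trim', explode(',', $list)) as $f) {
            if (trim((string)($this->row[$f] ?? '')) === '') $this->errors[$f] = "$f must not be empty";
        }
        return $this;
    }
    // A recorded error turns exec() into a no-op; the caller must ask for errors.
    public function exec(): bool {
        if ($this->errors) return false;
        $this->stored[] = $this->row;
        return true;
    }
}
// Constructed sample input, standing in for $_POST.
$post = ['title' => '<b>crash</b>', 'severity' => '3 OR 1=1', 'steps' => '   '];
$bug  = (new MiniFixer($post))->setDefault('project', 0)->specialChars('title,steps')->cleanInt('severity')->get();
$dao  = (new MiniDao())->data($bug)->notEmpty('title,steps');
var_dump($bug, $dao->exec(), $dao->errors, $dao->stored);
```

Running it shows the title HTML-encoded, severity reduced to 3, and exec() returning false with nothing stored because steps is blank. htmlspecialchars protects HTML output only; it does not make a value safe for SQL.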
6. Appendix
Data correction
- cleanEmail: set the field as email
- encodeURL: set the field as urlencode
- cleanURL: remove characters that are not valid in a URL from the field
- cleanFloat: set the field as float
- cleanInt: set the field as int
- specialChars: set the field as htmlspecialchars
- stripTags: remove tags from the field
- quote: quote the field
- setDefault: set the field as default (use the value passed if any)
- setIF: set the field if it meets the condition
- setForce: force override the value of a field
- remove: remove a field
- removeIF: remove a field if it meets a condition
- add: add a field
- addIF: add a field if it meets a condition
- join: connect fields with a comma
- callFunc: use custom functions to correct data
Data validation
- bool: the field has to be bool
- int: the field has to be int
- float: the field has to be float
- email: the field has to be email
- url: the field has to be url
- ip: the field has to be ip (option: $range all|public|static|private)
- date: the field has to be a date
- reg: the field has to match a regular expression
- length: the length of the field
- notEmpty: the field has to be not empty
- empty: the field has to be empty
- account: the field has to be an account
- equal: the field has to be equal to a value
- call: call the user's check function