The example in this article describes the implementation method of automatic verification of ThinkPHP forms. Share it with everyone for your reference. The specific method is as follows:
This sample code is implemented using the TP 3.2 framework. The specific code is as follows:
The verification rules can also be written into the model, but I find it a bit troublesome. First, sometimes different pages have different verification methods. Second, when you see the code in the add_post event, you know what data to receive. , how to verify the data can give you a general understanding at first glance, so this method is summarized.
I hope this article will be helpful to everyone’s ThinkPHP program development.
Let me show you an example I wrote:
//Form validation
protected $_validate=array(
//array('validation field','validation rule','error prompt', Verification conditions, additional rules, verification time)
array('uname','require','Username must be verified!',1,'regex',3),
//array('username', '','The username already exists',1,'unique',1),
array('pwd','require','The password must be filled in!'),
array('pwd ','checkPwd','Password length is not less than 6 characters',1,'callback'),
);
function checkPwd(){
$password=$_POST['pwd '];
if(strlen($password)>=6){
return true;
}else {
return false;
}
}
// Form mapping
protected $_map=array(
'uname'=>'username',
'pwd'=>'password',
);
//Autocomplete function
protected $_auto=array(
//array(fill field, fill content, fill condition, additional rules) Fill condition: 1, insert 2, update 3, all
array('reg_date', 'getDate',1,'callback'),
array('password','md5',3,'function'),
);
function getDate(){
return date( 'Y-m-d H:i:s');
}
The new version of ThinkPHP has a built-in form token verification function, which can effectively prevent remote submission of forms and other security protections.
Configuration parameters related to form token verification are: 'TOKEN_ON'=>true, // Whether to enable token verification 'TOKEN_NAME'=>'__hash__', // Form hidden fields for token verification Name 'TOKEN_TYPE'=>'md5', //The default token hash verification rule is MD5. If the form token verification function is turned on, the system will automatically generate a hidden field named TOKEN_NAME in the template file with the form. , its value is a hash string generated in TOKEN_TYPE mode, used to implement automatic token verification of the form. The automatically generated hidden field is located before the form end mark. If you want to control the position of the hidden field, you can manually add the mark on the form page, and the system will automatically replace it when outputting the template. If form token verification is turned on and individual forms do not need to use the token verification function, you can add {__NOTOKEN__} to the form page, and the system will ignore the token verification of the current form. If there are multiple forms on the page, it is recommended to add identification and ensure that only one form requires token verification. The model class will automatically perform form token verification when creating the data object. If you do not use the create method to create the data object, you need to manually call the autoCheckToken method of the model to perform form token verification. If false is returned, it indicates a form token validation error. For example: $User = M("User"); // Instantiate User object // Manual token verification if (!$User->autoCheckToken($_POST)){// Token verification error