yii的rules函数的中safe


当用户在表单中输入数据的时候,会把数据通过
$model->attributes=$_POST['form_name'];赋值给模型属性
简单来讲:(针对Yii1.1框架1.0会有不同,不考虑)
所有已经在rules中定义的规则,表单都会认为是“安全”的,即$model->attributes可以得到此表单域的值
所有未在model的rules中定义的,都认为是不安全的,根本不能通过$model->attributes来得到此表单域的值
…………………………
比如你想发布一个信息,其中包括了标题的字段title,你在表单中有一个表单域名为:title
但是如果你没有在rules中定义任何关于title的规则,那么提交到数据库中的title是为空的,即获取不到信息
………………………………………………………………………………………………………………………………
那么这就很明显了,你想获取到此title的信息,而又不想对其做任何rules规则限制,那么怎么办呢?
就加上safe规则,即:function ruels{
      return array(){
           ………………
            array('title','safe'),
           ………………
      }
}
这样就可以获取到title的值了
………………………………………………………………………………
其实这只是对safe最表面的理解,还有一些场景(scenario)应用等等
更深次的东西,可以看文档


 

原文地址:

A common source of confusion among new Yii users is how the 'safe' validator works, how it works with other validators, and why it's necessary in the first place. This article means to clear up this confusion, as well as explain the notion of Massive Assignment.

Summary: A model's validation rules serve two purposes:

Ensure that fields entered in a form are entered properly
Define which form fields are allowed to be assigned to a $model variable
These are related, but not the same, and the distinction is important.

Looking at a set of validation rules
To get started, we'll revisit what validation rules look like in a common model, and our example is taken from the Blog Tutorial "User" model (found in protected/models/User.php).

// protected/models/User.php ... public function rules() { return array( array('username, password, salt, email', 'required'), array('username, password, salt, email', 'length','max'=>128), array('profile', 'safe'), ); } ...
Validation rules are defined with array(...), providing a list of attributes, the name of the validator, and additional parameters as needed by the particular validators. Also common is the'on' keyword, which specifies scenarios, but we won't address those in this Article.

Validation Rules
The obvious purpose for validators is to ensure that users enter good data into application forms.

If a field should be no more than 16 characters long, if it should reflect a unique value in a table, or it must look like an email address, Yii provides a rich set of validators to help enforce form validation.

The Definitive Guide provides the authoritative reference, but user krillzip has provided an excellent quick reference guide to the available validators.

It's also possible to create your own validators, either as class functions or standalone extensions, but these are beyond the scope of this article.

Massive Assignment
Once your model's validators have approved all the fields, it's time to make use of the data produced by the form, in bulk. This happens during form submission by calling the controller's action.

Here we'll look at the post/update code:

// protected/controllers/CommentController.php public function actionUpdate() { $model = $this->loadModel(); if (isset($_POST['Comment'])) { $model->attributes = $_POST['Comment']; // Massive Assignment ....
The key is $model->attributes = $_POST['Comment'];, which is deceptively simple.

In reality this is calling

$model->setAttributes( $_POST['Comment'] ); // this is an array!
Since $_Post['Comment'] is actually an array representing all the fields in the submitted form, Yii is running through them all and assigning the fields to the form one by one. Every field is assigned to the corresponding attribute in the model (after validation, of course), and this produces the final $model variable that can be saved or updated or whatever.

Massive Assignment is really the same as:

$model->author = $_POST['Comment']['author']; $model->email = $_POST['Comment']['email']; $model->url = $_POST['Comment']['url']; $model->content = $_POST['Comment']['content'];
Massive Assignment is very important - your Yii application will not work without it.

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:https://www.heiqu.com/11220.html