Data Validation

2018-07-13 09:30:55
tengfei
6140
Last edited by tengfei on 2019-09-16 14:11:48

Data validation is particularly important in web applications. Let's introduce the data validation mechanism in zentaoPHP.


1. Location of data validation

In MVC programs, validation rules can be put on each level. For example, form validations will automatically verify the data that a user entered and then give tips. So which layer is the data validation on? There is a lot of controversies. Some mainly put it on the view layer, while others advocate putting it on the control layer. ZentaoPHP put it on the model layer. Why?


The model layer is the bottom layer, all data must be processed through the model. As long as the data is validated at this layer, the accuracy and safety of data can be ensured. Users can also add JS validation at the front end, which will not conflict with the validation on the model layer. Let's take a look at how to use ZenTaoPHP data filter mechanism.


2. Note

Inspired by the filter mechanism in PHP, the data filter in zentaoPHP is divided into two parts, one is data correction, the other is data validation. First, correct the data passed from the client, then validate the data.

The validation class is defined in lib/filter/filter.class.php.


3. Data Correction

Look at the code below.


$bug = fixer::input('post')
->add('openedBy', $this->app->user->account) 
->add('openedDate', $now) 
->setDefault('project,story,task', 0) 
->setDefault('openedBuild', '') 
->setIF($this->post->assignedTo != '', 'assignedDate', $now) 
->setIF($this->post->story != false, 'storyVersion', $this->loadModel('story')->getVersion($this->post->story))
->specialChars('title,steps,keyword') 
->cleanInt('product, module, severity') 
->join('openedBuild', ',') 
->remove('files, labels')
->get();
First, call the "input" method for the "fixer" class. Tthe "post" parameter means to get data from the $_POST.

The next two rows of add () is to add two variables to the data.

Then the two lines of setDefault followed indicates to set it as the default value if the variable did not pass any value.

Next is the two lines of setIF. SetIF has three parameters. The first one is the judging condition, and the other two are key and value. That is, when the condition is true, set $key = $value.

The following spechialchars represents the htmlspecialchars for the three fields; cleanInt make the variables an int, and join to connect openedBuild.

Finally, remove two unnecessary variables.

By GET,  a set of data that has been modified. The collection is ready to be put into a lib.


Let's look at how the data is validated.


4. Data Validation


$this->dao->insert(TABLE_BUG)->data($bug)
->autoCheck()
->batchCheck('id, name', 'notempty')
->exec();
This SQL insert statement passes the corrected data to the DAO object through the data method and automatically check it through autoCheck (). AutoCheck will d according to the type and length of the fields in the database. If the type or the length is incorrect, the error will be automatically recorded. Then the batchCheck () method is invoked to do null value validation on fields.

A single field can be validated through check (). There are other validation rules, such as notempty, unique, email, account and so on.


5. getError

If no error in the data validation, runexec () method to insert the data into the database.

What if there is a mistake? The exec () will not execute anything, but the error will be recorded in the error log. You can determine if there is a mistake in the control.


if(dao::isError()) die(js::error(dao::getError())); 


6.Appendix

Data correction  


cleanEmail:    set the field as email
encodeURL:    set the field as urlencode
cleanURL:     remove characters that is not url from the field
cleanFloat: 
                      set the field as float
cleanINT 
                      set the field as int
specialChars: 
                      set the field as htmlspecialchars
stripTags:    remove the tag from the field
quote: 
                      quote the field setDefault: 
                      set the field as default (use the value passed if any) setIF:        set the field if it meets the condition
setForce:     force override the value of a field
remove:       remove a field
removeIF:     remove a field if it meets a condition
add:          add a field
addIF:        add a field if it meets a condition
join:         connect fields with coma
callFunc:      use custom functions to correct data


Data validation 


bool:     the field has to be bool
int: 
                      the field has to be int
float: 
                      the field has to be float
email: 
                      the field has to be email
url: 
                      the field has to be url 
ip: 
                      the field has to be ip (option: $range all|public|static|private)
date: 
                      the field has to be data reg: 
                      the field has to be regular expressions length:   the length of the field
notEmpty: 
                      the field has to be not empty empty: 
                      the field has to be empty account: 
                      the field has to be an account equal: 
                      the field has to equal to a value call:     call the user's check function 



Write a Comment
Comment will be posted after it is reviewed.