Yii2如何为批量操作在gridview中正确创建复选框列? [英] Yii2 How to properly create checkbox column in gridview for bulk actions?
问题描述
我需要创建类似于wordpress帖子管理的批量操作,因此您可以例如一次删除多个记录。
这是我的方法,效果很好,但是我确信这不是最佳方法,因为该方法容易受到CSRF黑客的攻击。
gridview中的复选框列:
GridView :: widget( [
'dataProvider'=> $ dataProvider,
'columns'= >> [
['class'=>'yii\grid\CheckboxColumn'],
'id'=>'grid',
'country',
],
]);
触发功能的按钮
< a href =# onclick = bulkAction('p');>
函数:
< script>
函数bulkAction(a){
var keys = $('#grid')。yiiGridView('getSelectedRows');
window.location.href =’<?php echo Url :: to(['mycontroller / bulk']); ?>& action =’+ a +’& ids =’+ keys.join();
}
< / script>
此函数创建如下网址:
index.php?r = mycontroller / bulk& action = 1&ids = 2,6,7,8
问题是
这种方法容易受到CSRF黑客的攻击(在此处解释: http://blog.codinghorror.com/cross-site-request-forgeries-and-you/ )
那么,正确的做法是什么?
我自己这样解决了: / p>
这种方式使表单免受CSRF的保护,一切都在POST请求中进行。
这是视图:
<?= Html :: beginForm(['controller / bulk'],'post');?>
<?= Html :: dropDownList('action','',[''=>'标记选择为:','c'=>'已确认','nc'=>'否确认'],['class'=>'dropdown',])?>
<?= Html :: submitButton('Send',['class'=>'btn btn-info',]);?>
<?= GridView :: widget([
'dataProvider'=> $ dataProvider,
'columns'=> [
['class'=>' yii\grid\CheckboxColumn'],
'id',
],
]); ?>
<?= Html :: endForm();?>
这是控制者:
公共函数actionBulk(){
$ action = Yii :: $ app-> request-> post('action');
$ selection = {array)Yii :: $ app-> request-> post('selection'); //强制转换
foreach($ selection as $ id){
$ e = Evento :: findOne((int)$ id); //进行类型转换
//完成任务
$ e-> save();
}
}
I need to create "bulk actions" similar to wordpress posts management, so you can for example delete multiple records at a time.
This is my approach, and works fine, but I'm sure it is not the best approach, since this method is vulnerable to CSRF hacks.
Checkbox column in a gridview:
GridView::widget([
'dataProvider' => $dataProvider,
'columns' => [
['class' => 'yii\grid\CheckboxColumn'],
'id'=>'grid',
'country',
],
]);
Button that fires a function
<a href="#" onclick="bulkAction('p');">
The function:
<script>
function bulkAction(a) {
var keys = $('#grid').yiiGridView('getSelectedRows');
window.location.href='<?php echo Url::to(['mycontroller/bulk']); ?>&action='+a+'&ids='+keys.join();
}
</script>
This function creates a url like this:
index.php?r=mycontroller/bulk&action=1&ids=2,6,7,8
PROBLEM IS This approach is vulnerable to CSRF hacks (explained here: http://blog.codinghorror.com/cross-site-request-forgeries-and-you/)
So, what is the PROPER way to do it?
I solved it myself like this:
This way the form gets protected from CSRF and everything goes in a POST request.
This is the view:
<?=Html::beginForm(['controller/bulk'],'post');?>
<?=Html::dropDownList('action','',[''=>'Mark selected as: ','c'=>'Confirmed','nc'=>'No Confirmed'],['class'=>'dropdown',])?>
<?=Html::submitButton('Send', ['class' => 'btn btn-info',]);?>
<?=GridView::widget([
'dataProvider' => $dataProvider,
'columns' => [
['class' => 'yii\grid\CheckboxColumn'],
'id',
],
]); ?>
<?= Html::endForm();?>
This is the controller:
public function actionBulk(){
$action=Yii::$app->request->post('action');
$selection=(array)Yii::$app->request->post('selection');//typecasting
foreach($selection as $id){
$e=Evento::findOne((int)$id);//make a typecasting
//do your stuff
$e->save();
}
}
这篇关于Yii2如何为批量操作在gridview中正确创建复选框列?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!