Laravel 4大规模任务守卫不起作用 [英] Laravel 4 mass assignment guarded not work

问题描述

我想知道我的代码有什么错误，我不能保护2个输入的用户名和密码

在我的控制器中:

class AccountsController extends \BaseController {

...

public function store()
    {
        $date = new \DateTime;
        $input['updated_at']=$date;
        $input['created_at']=$date;
        $input['username']=Input::get("username", "");
        $input['password']=Input::get("password", "");
        $input['sex']=Input::get("sex", "");
        $input['dob']=Input::get("dob", "");
        $input['dob']= date("Y-m-d", strtotime($input['dob']));

        $v=Validator::make($input, Account::$register_rules);
        $input['password']=Hash::make($input['password']);
        if($v->passes()){
            DB::table('accounts')->insert($input);

        }
        //return Redirect::route('text.index');
    }

...

}

在我的模型中:

class Account extends \Eloquent {
    protected $guarded = array('username', 'password');

    public static $register_rules=array(
                'username'   => 'required|min:4|max:20|unique:accounts',
                'password'   => 'required|alpha_num|min:6',
                'sex'       =>  'required|in:f,m',
                'dob'       => 'required|date_format:Y-m-d'
            );
}

在我的应用/视图中

...


{{ Form::open(array('route'=>'account.store')) }}
            <table>
                <tr>
                    <td>{{ Form::label('username', 'Username') }}</td>
                    <td>{{ Form::text('username') }}</td>
                </tr>
                <tr>
                    <td>{{ Form::label('password', 'Password') }}</td>
                    <td>{{ Form::password('password') }}</td>
                </tr>
                <tr>
                    <td>{{ Form::label('confirm_password', 'Confirm Password') }}</td>
                    <td>{{ Form::password('confirm_password', array('id'=>'confirm_password')) }}</td>
                </tr>
                <tr>
                    <td>{{ Form::label('sex', 'Sex') }}</td>
                    <td>
                        {{ Form::radio('sex', 'f', true) }}{{ Form::label('Female') }}
                        {{ Form::radio('sex', 'm') }}{{ Form::label('Male') }}
                    </td>
                </tr>
                <tr>
                    <td>{{ Form::label('dob', 'Date of Birth') }}</td>
                    <td>
                        {{Form::text('dob', '', array('id' => 'dob'))}}
                    </td>
                </tr>

                <tr>
                    <td></td>
                    <td>{{ Form::submit('Register', array('id' => 'submit')) }}</td>
                </tr>

            </table>
        {{ Form::close() }}

...

即使我定义了对这两个字段的保护，它们仍然保存在数据库中.

解决方案

实际上您不是在使用Eloquent ORM，因此以下代码可保护Eloquent模型的大量分配，例如，使用Model::create(Input::all())方法，您可以创建一个数据库中的新Account，例如:

$account = Account::create(Input::all());

在您的情况下，您没有使用Eloquent模型，而是使用了insert方法，该方法使用了DB::('accounts')->insert($input)类的一个功能(它是Illuminate\Database\Query\Builder的一个实例). >

因此，如果使用Eloquent ORM，则将使用Eloquent的功能.在这种情况下，Model::save()的使用不是质量分配，但是create()的使用质量分配，因为在创建新模型时，您可以将属性的array传递给模型构造函数.然后通过质量分配将这些属性分配给模型，并且create接受属性的array，然后使用new static($attributes)初始化模型，例如，这是create方法:

public static function create(array $attributes)
{
    $model = new static($attributes);
    $model->save();
    return $model;
}

因此，如果您使用以下方式手动启动模型:

$account = new Account(Input::all()); // Mass assignment through constructor
$account->save();

这是一项批量任务.在这种情况下，您需要通过扩展Eloquent来创建Account模型(您已经有一个):

class Account extends Eloquent {

    // Protect mass assignment
    protected $guarded = array('username', 'password');

    //...
}

您可以在Laravel网站上了解有关质量分配的更多信息.

>

I wonder what wrong in my code that I can't protected 2 input username and password

In my controller:

class AccountsController extends \BaseController {

...

public function store()
    {
        $date = new \DateTime;
        $input['updated_at']=$date;
        $input['created_at']=$date;
        $input['username']=Input::get("username", "");
        $input['password']=Input::get("password", "");
        $input['sex']=Input::get("sex", "");
        $input['dob']=Input::get("dob", "");
        $input['dob']= date("Y-m-d", strtotime($input['dob']));

        $v=Validator::make($input, Account::$register_rules);
        $input['password']=Hash::make($input['password']);
        if($v->passes()){
            DB::table('accounts')->insert($input);

        }
        //return Redirect::route('text.index');
    }

...

}

In my model:

class Account extends \Eloquent {
    protected $guarded = array('username', 'password');

    public static $register_rules=array(
                'username'   => 'required|min:4|max:20|unique:accounts',
                'password'   => 'required|alpha_num|min:6',
                'sex'       =>  'required|in:f,m',
                'dob'       => 'required|date_format:Y-m-d'
            );
}

In my app/view

...


{{ Form::open(array('route'=>'account.store')) }}
            <table>
                <tr>
                    <td>{{ Form::label('username', 'Username') }}</td>
                    <td>{{ Form::text('username') }}</td>
                </tr>
                <tr>
                    <td>{{ Form::label('password', 'Password') }}</td>
                    <td>{{ Form::password('password') }}</td>
                </tr>
                <tr>
                    <td>{{ Form::label('confirm_password', 'Confirm Password') }}</td>
                    <td>{{ Form::password('confirm_password', array('id'=>'confirm_password')) }}</td>
                </tr>
                <tr>
                    <td>{{ Form::label('sex', 'Sex') }}</td>
                    <td>
                        {{ Form::radio('sex', 'f', true) }}{{ Form::label('Female') }}
                        {{ Form::radio('sex', 'm') }}{{ Form::label('Male') }}
                    </td>
                </tr>
                <tr>
                    <td>{{ Form::label('dob', 'Date of Birth') }}</td>
                    <td>
                        {{Form::text('dob', '', array('id' => 'dob'))}}
                    </td>
                </tr>

                <tr>
                    <td></td>
                    <td>{{ Form::submit('Register', array('id' => 'submit')) }}</td>
                </tr>

            </table>
        {{ Form::close() }}

...

Even though I defined guarded these two fields they are still saved in the database.

解决方案

Actually you are not using Eloquent ORM and hence the following code guards mass assignment of Eloquent models, for example using Model::create(Input::all()) method you may create a new Account in the database like:

$account = Account::create(Input::all());

In your case, you are not using Eloquent model, instead you are using insert method using DB::('accounts')->insert($input) which is a feature of Query builder class (It's an instance of Illuminate\Database\Query\Builder).

So, if you use the Eloquent ORM then the features of Eloquent will be used. In this case, use of Model::save() is not a mass assignment but create() uses the mass assignment because when creating a new model, you may pass an array of attributes to the model constructor. These attributes are then assigned to the model via mass-assignment and create accepts an array of attributes and then initializes the model using new static($attributes), for example, this is the create method:

public static function create(array $attributes)
{
    $model = new static($attributes);
    $model->save();
    return $model;
}

So, if you manually initiate a model using something like this:

$account = new Account(Input::all()); // Mass assignment through constructor
$account->save();

This will be a mass assignment. In this case you need to create the Account model by extending the Eloquent like this (You already have one):

class Account extends Eloquent {

    // Protect mass assignment
    protected $guarded = array('username', 'password');

    //...
}

You may read more about Mass Assignment on Laravel website.

这篇关于Laravel 4大规模任务守卫不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！