Laravel 4大规模任务守卫不起作用 [英] Laravel 4 mass assignment guarded not work
问题描述
我想知道我的代码有什么错误,我不能保护2个输入的用户名和密码
在我的控制器中:
class AccountsController extends \BaseController {
...
public function store()
{
$date = new \DateTime;
$input['updated_at']=$date;
$input['created_at']=$date;
$input['username']=Input::get("username", "");
$input['password']=Input::get("password", "");
$input['sex']=Input::get("sex", "");
$input['dob']=Input::get("dob", "");
$input['dob']= date("Y-m-d", strtotime($input['dob']));
$v=Validator::make($input, Account::$register_rules);
$input['password']=Hash::make($input['password']);
if($v->passes()){
DB::table('accounts')->insert($input);
}
//return Redirect::route('text.index');
}
...
}
在我的模型中:
class Account extends \Eloquent {
protected $guarded = array('username', 'password');
public static $register_rules=array(
'username' => 'required|min:4|max:20|unique:accounts',
'password' => 'required|alpha_num|min:6',
'sex' => 'required|in:f,m',
'dob' => 'required|date_format:Y-m-d'
);
}
在我的应用/视图中
...
{{ Form::open(array('route'=>'account.store')) }}
<table>
<tr>
<td>{{ Form::label('username', 'Username') }}</td>
<td>{{ Form::text('username') }}</td>
</tr>
<tr>
<td>{{ Form::label('password', 'Password') }}</td>
<td>{{ Form::password('password') }}</td>
</tr>
<tr>
<td>{{ Form::label('confirm_password', 'Confirm Password') }}</td>
<td>{{ Form::password('confirm_password', array('id'=>'confirm_password')) }}</td>
</tr>
<tr>
<td>{{ Form::label('sex', 'Sex') }}</td>
<td>
{{ Form::radio('sex', 'f', true) }}{{ Form::label('Female') }}
{{ Form::radio('sex', 'm') }}{{ Form::label('Male') }}
</td>
</tr>
<tr>
<td>{{ Form::label('dob', 'Date of Birth') }}</td>
<td>
{{Form::text('dob', '', array('id' => 'dob'))}}
</td>
</tr>
<tr>
<td></td>
<td>{{ Form::submit('Register', array('id' => 'submit')) }}</td>
</tr>
</table>
{{ Form::close() }}
...
即使我定义了对这两个字段的保护,它们仍然保存在数据库中.
实际上您不是在使用Eloquent ORM
,因此以下代码可保护Eloquent
模型的大量分配,例如,使用Model::create(Input::all())
方法,您可以创建一个数据库中的新Account
,例如:
$account = Account::create(Input::all());
在您的情况下,您没有使用Eloquent
模型,而是使用了insert
方法,该方法使用了DB::('accounts')->insert($input)
类的一个功能(它是Illuminate\Database\Query\Builder
的一个实例). >
因此,如果使用Eloquent ORM
,则将使用Eloquent
的功能.在这种情况下,Model::save()
的使用不是质量分配,但是create()
的使用质量分配,因为在创建新模型时,您可以将属性的array
传递给模型构造函数.然后通过质量分配将这些属性分配给模型,并且create
接受属性的array
,然后使用new static($attributes)
初始化模型,例如,这是create
方法:
public static function create(array $attributes)
{
$model = new static($attributes);
$model->save();
return $model;
}
因此,如果您使用以下方式手动启动模型:
$account = new Account(Input::all()); // Mass assignment through constructor
$account->save();
这是一项批量任务.在这种情况下,您需要通过扩展Eloquent
来创建Account
模型(您已经有一个):
class Account extends Eloquent {
// Protect mass assignment
protected $guarded = array('username', 'password');
//...
}
您可以在Laravel
网站上了解有关质量分配的更多信息.
I wonder what wrong in my code that I can't protected 2 input username and password
In my controller:
class AccountsController extends \BaseController {
...
public function store()
{
$date = new \DateTime;
$input['updated_at']=$date;
$input['created_at']=$date;
$input['username']=Input::get("username", "");
$input['password']=Input::get("password", "");
$input['sex']=Input::get("sex", "");
$input['dob']=Input::get("dob", "");
$input['dob']= date("Y-m-d", strtotime($input['dob']));
$v=Validator::make($input, Account::$register_rules);
$input['password']=Hash::make($input['password']);
if($v->passes()){
DB::table('accounts')->insert($input);
}
//return Redirect::route('text.index');
}
...
}
In my model:
class Account extends \Eloquent {
protected $guarded = array('username', 'password');
public static $register_rules=array(
'username' => 'required|min:4|max:20|unique:accounts',
'password' => 'required|alpha_num|min:6',
'sex' => 'required|in:f,m',
'dob' => 'required|date_format:Y-m-d'
);
}
In my app/view
...
{{ Form::open(array('route'=>'account.store')) }}
<table>
<tr>
<td>{{ Form::label('username', 'Username') }}</td>
<td>{{ Form::text('username') }}</td>
</tr>
<tr>
<td>{{ Form::label('password', 'Password') }}</td>
<td>{{ Form::password('password') }}</td>
</tr>
<tr>
<td>{{ Form::label('confirm_password', 'Confirm Password') }}</td>
<td>{{ Form::password('confirm_password', array('id'=>'confirm_password')) }}</td>
</tr>
<tr>
<td>{{ Form::label('sex', 'Sex') }}</td>
<td>
{{ Form::radio('sex', 'f', true) }}{{ Form::label('Female') }}
{{ Form::radio('sex', 'm') }}{{ Form::label('Male') }}
</td>
</tr>
<tr>
<td>{{ Form::label('dob', 'Date of Birth') }}</td>
<td>
{{Form::text('dob', '', array('id' => 'dob'))}}
</td>
</tr>
<tr>
<td></td>
<td>{{ Form::submit('Register', array('id' => 'submit')) }}</td>
</tr>
</table>
{{ Form::close() }}
...
Even though I defined guarded these two fields they are still saved in the database.
Actually you are not using Eloquent ORM
and hence the following code guards mass assignment of Eloquent
models, for example using Model::create(Input::all())
method you may create a new Account
in the database like:
$account = Account::create(Input::all());
In your case, you are not using Eloquent
model, instead you are using insert
method using DB::('accounts')->insert($input)
which is a feature of Query builder
class (It's an instance of Illuminate\Database\Query\Builder
).
So, if you use the Eloquent ORM
then the features of Eloquent
will be used. In this case, use of Model::save()
is not a mass assignment but create()
uses the mass assignment because when creating a new model, you may pass an array
of attributes to the model constructor. These attributes are then assigned to the model via mass-assignment and create
accepts an array
of attributes and then initializes the model using new static($attributes)
, for example, this is the create
method:
public static function create(array $attributes)
{
$model = new static($attributes);
$model->save();
return $model;
}
So, if you manually initiate a model using something like this:
$account = new Account(Input::all()); // Mass assignment through constructor
$account->save();
This will be a mass assignment. In this case you need to create the Account
model by extending the Eloquent
like this (You already have one):
class Account extends Eloquent {
// Protect mass assignment
protected $guarded = array('username', 'password');
//...
}
You may read more about Mass Assignment on Laravel
website.
这篇关于Laravel 4大规模任务守卫不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!