CModel vs CFormModel vs CActiveRecord


Question

I am building a DB-intensive application in Yii, so performance and security are naturally a concern. Apart from that, form validation is also a major criterion. For security I plan to use parameter binding for all SQL queries. For validation I want to use the validators provided by Yii instead of rolling out my own. I am aware that performance takes a hit with CActiveRecord, so I plan to make CModel classes for all my tables, define validation rules in these respective models, and also define functions to perform the SQL queries for retrieval and insertion of data. All my data collection on the website is primarily through forms (about 95%). Should I use CFormModel? I don't really understand the distinction between CModel and CFormModel; is there any performance hit in using either?

Also, to prevent XSS attacks I want to use the HTML Purifier wrapper as a validation rule. Since I read almost everywhere that performance is bad for this wrapper, is it going to be bad even if I use it as a validation rule? And should I be displaying my output text using CHtml::encode even though I am purifying the input?

My rough plan to deal with the data is:

    $users = new Users();                        // Users extends CModel and defines rules()
    $users->getdata(Yii::app()->user->id);       // load the current user's row into the model
    if (isset($_POST['update']))                 // isset() needs a variable, not a string literal
    {
        $users->attributes = $_POST['Users'];    // assign the submitted form values before validating
        if ($users->validate())
        {
            $users->updatedata();                // write back with bound parameters
        }
    }

    $this->render('users', array('data' => $users));

Answer

CFormModel inherits from CModel; CModel is just a generic model class. There is no performance difference in using CFormModel, which is what would suit your application better if you don't plan to use CActiveRecord.

For "functions to perform SQL queries", hopefully you mean stored procedures; otherwise there is not that big a performance gain, and even then, writing your own SQL queries only for insertion and retrieval of single models doesn't help much. My advice is that you care about performance later on, once you really have something to improve upon.

Purifying the input is different from encoding. With HTML Purifier you eliminate harmful HTML to prevent XSS, or other tags you don't want to allow, but a string could still contain ( ' ) for example. What CHtml::encode does is just generate the HTML equivalent, so that you get HTML entities instead.
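The following is an added example, not code from the question or the answer, showing the plan discussed above in Yii 1.1 terms: a CFormModel subclass with built-in validators, the purifier applied only to the one field that is allowed to carry HTML (through the `filter` rule and CHtmlPurifier), and retrieval/update through CDbCommand with bound parameters. The table `user_profile`, its columns, the class names and the controller action are hypothetical; it assumes `Yii::app()->db` is configured.

```php
<?php
// Added example (hypothetical names): a CFormModel-backed profile form for Yii 1.1.
// Assumes a table user_profile(user_id, display_name, email, bio) and a configured
// Yii::app()->db connection. Not part of the original question or answer.
class UserProfileForm extends CFormModel
{
    public $display_name;   // plain text: encoded on output with CHtml::encode
    public $email;          // plain text: encoded on output with CHtml::encode
    public $bio;            // rich text: purified on input, echoed as HTML in the view
    private $_userId;

    public function __construct($userId, $scenario = '')
    {
        $this->_userId = (int) $userId;
        parent::__construct($scenario);
    }

    public function rules()
    {
        // Only the rich-text field goes through HTML Purifier, so the purifier's cost is
        // paid once per submitted form, not per page render. Plain-text fields are never
        // purified; they are entity-encoded when displayed instead.
        $purifier = new CHtmlPurifier();
        $purifier->options = array('HTML.Allowed' => 'p,b,i,a[href],ul,ol,li');
        return array(
            array('display_name, email', 'required'),
            array('display_name', 'length', 'max' => 64),
            array('email', 'email'),
            array('bio', 'length', 'max' => 4000),
            array('bio', 'filter', 'filter' => array($purifier, 'purify')),
        );
    }

    // Read the current row with a bound parameter; no string-concatenated SQL.
    public function load()
    {
        $row = Yii::app()->db->createCommand(
            'SELECT display_name, email, bio FROM user_profile WHERE user_id = :id'
        )->bindValue(':id', $this->_userId, PDO::PARAM_INT)->queryRow();
        if ($row === false) {
            return false;
        }
        $this->display_name = $row['display_name'];
        $this->email = $row['email'];
        $this->bio = $row['bio'];
        return true;
    }

    // Run the validators (including the purify filter) first, then write back with bound values.
    public function save()
    {
        if (!$this->validate()) {
            return false;
        }
        Yii::app()->db->createCommand(
            'UPDATE user_profile SET display_name = :name, email = :email, bio = :bio WHERE user_id = :id'
        )->bindValues(array(
            ':name'  => $this->display_name,
            ':email' => $this->email,
            ':bio'   => $this->bio,
            ':id'    => $this->_userId,
        ))->execute();
        return true;
    }
}

class ProfileController extends CController
{
    public function actionUpdate()
    {
        $model = new UserProfileForm(Yii::app()->user->id);
        $model->load();
        if (isset($_POST['UserProfileForm'])) {
            // Massive assignment only touches attributes that have a rule for this scenario.
            $model->attributes = $_POST['UserProfileForm'];
            if ($model->save()) {
                $this->redirect(array('view'));
            }
        }
        $this->render('update', array('model' => $model));
    }
}

// views/profile/update.php (hypothetical) shows why both steps are needed:
//   <h1><?php echo CHtml::encode($model->display_name); ?></h1>   plain text -> entities; a ' or < cannot break out
//   <div class="bio"><?php echo $model->bio; ?></div>             purified HTML -> rendered as markup, tags outside HTML.Allowed were stripped
```

Encoding `bio` on output would turn the purified markup into visible `&lt;p&gt;` text, while echoing `display_name` raw would reintroduce the XSS that purification never addressed because that field was never purified; each field gets exactly one of the two treatments, chosen by whether it is meant to carry HTML.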
