Usage of capital letters
- A function is used to instantiate the controller
- Format: [resource://][module/]controllerA($name,$layer='',$level ='')
@param string $name 资源地址 @param string $layer 控制层名称 @param integer $level 控制器层次 @return Controller|falseCopy after login
##B executes a certain behavior B($name,$tag='',&$params=NULL)This is a new function that comes into being with the behavior. It can execute a certain behavior, such as B('app_begin');@param string $name 行为名称 @param string $tag 标签名称(行为类无需传入) @param Mixed $params传入的参数 @return voidCopy after login
It is to execute all the functions defined by this behavior before the project starts. It supports 2 Parameters, the second parameter supports the need to accept an array
For exampleB('app_begin',array("name"=>"tdweb","time"=>time()));Copy after login
C Read and set configuration parameters C($name= null,$value=null,$default=null)Get the value:@paramstring|array $name 配置变量 @param mixed $value 配置值 @param mixed $default 默认值 @return mixedCopy after login
Set the value:Get all settings: C(); does not pass any parameters, Returns an array containing all settings.
- Get the specified configuration: C('URL_MODEL') This way you can get the configuration information of URL_MODEL
- Get the specified two-dimensional array configuration: C("array.name") This way you can return the array The key under array is the value corresponding to name
Assign a value to the two-dimensional array C("array.name", "value"), the principle is the same as above (get the value of array.name), the following value is the value
- Batch assignment:
$test=array("URL_MODEL"=>1,"THIN_MODEL"=>true"); C($test); 这样直接将数组里的值赋值了Copy after loginJudge whether to assign value: It should be noted that, Although the configuration value is changed here, it is only changed on this page, and it will not work on the next page.C("?URL_MODEL")这样前边加个"?",如果已经赋值,则返回trueCopy after loginIf you want to change it permanently, you need to cooperate with the F function to write the configuration file into config. PHP will do.
The D function is used to instantiate the model class format [resource://][module/]model D($name='',$ layer='')The D function has two advantages:@param string $name 资源地址 @param string $layer 模型层名称 @return ModelCopy after loginFirst, if this Model has been instantiated before, it will no longer be instantiated, saving resources;
- The second is to facilitate debugging. If this Model does not exist, a TP exception will be thrown, which is very user-friendly.
- If you want to access the Model of this project directly, D("Model name"); is fine. If you plan to access across projects, use D("Model name", "Project name");
EThrow exception handlingE($msg, $code=0)@param string $msg异常消息 @param integer $code 异常代码默认为0 @return voidCopy after login
F Fast file data reading and saving For simple type data strings and arrays F($name, $value='',$path=DATA_PATH)@param string $name 缓存名称 @param mixed $value 缓存值 @param string $path 缓存路径 @return mixedCopy after login
G recording and statistical time (microseconds) and memory usageUsage method:G($start,$end='',$dec=4)Copy after loginAmong them, statistical memory usage is required MEMORY_LIMIT_ON is only valid when the constant is trueG('begin'); // 记录开始标记位 // ... 区间运行代码 G('end'); // 记录结束标签位 echo G('begin','end',6); //统计区间运行时间精确到小数后6位 echo G('begin','end','m'); // 统计区间内存使用情况 如果end标记位没有定义,则会自动以当前作为标记位Copy after login@param string $start 开始标签 @param string $end 结束标签 @paraminteger|string $dec小数位或者m @return mixedCopy after login
I obtain input parameters support filtering and default valuesUsage method:I($name,$default='',$filter=null)Copy after loginI('id',0); //获取id参数自动判断get或者post I('post.name','','htmlspecialchar s'); //获取$_POST['name'] I('get.'); //获取$_GETCopy after login
L() gets and sets the language definition (not case sensitive)L($name=null,$value=null)Copy after loginLanguage definition function, L("intro") gets the language defined as intro, l("intro" , "Introduction") Assign a value to intro@paramstring|array $name 语言变量 @param mixed $value 语言值或者变量 @return mixedCopy after login
M function is used to instantiate a Model without a model fileM($name='',$tablePrefix='',$connection='')Copy after login@param string $name Model名称支持指定基础模型例如MongoModel:User @param string $tablePrefix表前缀 @param mixed $connection 数据库连接信息 @return ModelCopy after login
NSet and get statistical dataUsage method:N($key,$step=0,$save=false)Copy after loginN('db',1); // 记录数据库操作次数 N('read',1); // 记录读取次数 echo N('db'); // 获取当前页面数据库的所有操作次数 echo N('read'); // 获取当前页面读取次数Copy after login@param string $key 标识位置 @param integer $step 步进值 @return mixedCopy after login
R($url,$vars=array(),$layer='')Copy after login@param string $url调用地址 @paramstring|array $vars调用参数支持字符串和数组 @param string $layer 要调用的控制层名称 @return mixedCopy after login
T($template='',$layer='')Copy after login@param string $name 模版资源地址 @param string $layer 视图层(目录)名称 @return stringCopy after login
U($url='',$vars='',$suffix=true,$domain=false)Copy after loginUsage:@param string $url URL表达式,格式:'[模块/控制器/操作#锚点@域名]?参数1=值1&参数2=值2...' @paramstring|array $vars传入的参数,支持数组和字符串 @param string $suffix 伪静态后缀,默认为true表示获取配置值 @paramboolean $domain 是否显示域名 @return stringCopy after login
跨项目访问:
U("appname://Other/otherMethod");Copy after login使用路由访问:
U("appName://routeName@moduleName/actionName?params");Copy after login另外,如果想直接跳转,那么就在第二个参数写1
U("/nowMethod",1)Copy after login这样就直接调转到指定URL了
W渲染输出Widget
W($name,$data=array())Copy after login@param string $name Widget名称 @param array $data 传入的参数 @return voidCopy after login
S缓存管理
S($name,$value='',$options=null)Copy after login@param mixed $name 缓存名称,如果为数组表示进行缓存设置 @param mixed $value 缓存值 @param mixed $options 缓存参数 @return mixedCopy after login
当网站不涉及复杂的用户交互时,可以对用户所有提交的文本进行htmlspecialchars函数处理。
例子
M('Member')->save(array('content'=>I('post.content')));
- cookie的信息一但被别人通过XSS攻击获取后也一样等同于把自己的帐号密码给了别人。
- 对cookie进行IP绑定,(当然也可以获取用户客户端更多的其它信息进行同时绑定)可以根据用户的IP来判断这个cookie是不是来原始授权用户。
示例
$auto=I('post.auto');//用户设置了自动登录
if(!empty($auto)){
cookie('auto',encrypt(serialize($data)));//将登录信息保存到cookie,其中$data里含有加密后的帐号,密码,和用户的IP,这里的cookie已在全局中设置过期日期为一周
}if (!is_login()) {//是否未登录状态?
$auth=cookie('auto');
if(!empty($auth)){//是否未有自动登录cookie?
$data=unserialize(decrypt($auth));
if(!empty($data) && !empty($data['username']) && !empty($data['password']) && !empty($data['last_login_ip'])){
$user=M('Member')->where(array('username'=>$data['username'],'password'=>$data['password']))->find();
if(!empty($user['id'])&&($user['last_login_ip']==get_client_ip())){//cookie帐号密码是否有效?//IP来源是否相同?
login_session($user['id'], $user['username'], $data['last_login_ip']);//用户自动登录成功
}
}
}
}
- 优点:大多数场景下可使被XSS攻击盗取的cookie失效。
- 缺点:由于IP存在多台电脑共用的可能,对绑定做不到十分精细
可以保证cookie只在http请求中被传输,而不被页面中的脚本获取,现市面上绝大多数浏览器已经支持。
<iframe src="http://alibaba.com" sandbox>
为iframe的增加的sandbox属性,可以防止不信任的Web页面执行某些操作.相信这个方法以后会被广泛使用。
The above is the detailed content of Summary of tp framework development. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
