1. With the overall framework set up as described in the previous post (the MVC framework summary), the default request parameters become:
    // Default request: the home page
    // P=front
    // C=fIndex
    // A=show
1.1 Find the action under the controller fIndexController:
    // Home page display action
    public function showAction() {
        // Guard against malicious calls
        $this->checkAuthority();
        // No specific model is needed; load the template directly
        require CUR_VIE_PATH.'index.html';
    }
2. The guard against malicious calls sits at our Controller level. Almost all models use it, so it is placed in the base model.
    /*
     * Guard against malicious calls; applies to all methods
     */
    protected function checkAuthority() {
        if (!defined('IN_NG')) {
            exit("you no authority");
        }
    }
This method can be called at any time.
3. Reject older versions of PHP. Since this check runs on every request, put it directly into the initial file Framework.class.php.
4.1 Make CSS an include file
Every page has to import CSS, which is tedious, so define an include file, title.inc.html.
Each page also has its own CSS file, so define a constant that identifies the page:
define('SCRIPT','index');
The title.inc.html code:
    <link rel="shortcut icon" href="favicon.ico" />
    <link rel="stylesheet" type="text/css" href="public/front/css/1/basic.css" />
    <link rel="stylesheet" type="text/css" href="public/front/css/1/<?php echo SCRIPT; ?>.css" />
5.2 Create registration page register.html
The request parameters for the registration page are:
    P=front
    C=fRegister
    A=show
The code is:
"register">会员注册
5.3 Click on the avatar to pop up the avatar selection box:
    <img src="public/front/face/m01.gif" alt="头像选择" onclick="javascript:window.open('face.php','face','width=400,height=400,top=0,left=0')" />
This page stores 64 avatars, which can be listed by looping over an array:
foreach (range(1,9) as $number) {?>
6. Submit data
When the form submits to this same page, it must include a name-value pair so the script can tell whether data has been submitted:
    ?action=register
A hidden field can also carry the name-value pair:
    <input type="hidden" name="action" value="register" />
6.1 Check the verification code
The purpose of the verification code is to prevent malicious registration and some cross-site form forgery attacks.
The verification code is stored in the session, which can be used to determine whether the current form has been submitted. After each refresh the verification code changes with it, which also prevents repeated malicious registrations.
    if (!($_POST['yzm'] == $_SESSION['code'])) {
        // Message: "The verification code is wrong, please enter it again!"
        _alert_back('验证码有误,请重新输入!');
    }
6.2. Accept data
Define variables and assign the submitted data to them:
    $_username = $_POST['username'];
An array can also be used to hold the submitted values:
    $_clean = array();
    $_clean['username'] = $_POST['username'];
6.3 Various restrictions and filtering
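1. First, the whitespace on both ends must be removed:
    $_string = trim($_string);
2. Next, limit the length:
    if (mb_strlen($_string,'utf-8') < $_min_num || mb_strlen($_string,'utf-8') > $_max_num) {}
3. Restrict sensitive characters:
    $_char_pattern = '/[<>\'\"\ \ ]/';
    if (preg_match($_char_pattern,$_string)) {}
4. Restrict sensitive usernames:
    $_mg[0] = '22';
    $_mg[1] = '11';
    $_mg[2] = '33';
    // Build the list of blocked names shown in the alert
    $_mg_string = '';
    foreach ($_mg as $value) {
        $_mg_string .= '['.$value.']'.'\n';
    }
    if (in_array($_string,$_mg)) {
        // Message: "The sensitive usernames above may not be registered!"
        _alert_back($_mg_string.'以上敏感用户名不得注册!');
    }
5. Escape the input, which effectively prevents SQL injection problems:
    // mysql_escape_string();
    // addslashes()
    // Note: the mysql_* extension was removed in PHP 7.0
    return mysql_real_escape_string($_string); // this mysql_ function needs a database connection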
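The checks from 6.1 to 6.3 combined into one handler, as an added example that is not part of the original tutorial: the verification code is compared strictly and discarded after one use, and the username is stored through a PDO prepared statement in place of the escaping call in step 5. The function names, the `users` table, the length limits and the in-memory SQLite database are assumptions made so the example runs on its own.

```php
<?php
// Added example, not the tutorial's code; names, limits and the users table are assumptions.

// 6.1: a missing session code must fail, and each code is valid only once.
function check_captcha(array $post, array &$session): bool {
    $expected = $session['code'] ?? null;
    unset($session['code']);                  // single use, pass or fail
    $given = $post['yzm'] ?? null;
    if (!is_string($expected) || $expected === '' || !is_string($given)) {
        return false;                         // with ==, null == null passes
    }
    return hash_equals($expected, $given);
}

// 6.3 steps 1-4: returns the cleaned username, or null when a rule rejects it.
function clean_username($raw, int $min = 2, int $max = 20): ?string {
    if (!is_string($raw)) {
        return null;                          // username[]=x arrives as an array
    }
    $name = trim($raw);
    $len  = mb_strlen($name, 'utf-8');
    if ($len < $min || $len > $max) {
        return null;
    }
    // Reject on a match (1) and on a PCRE error such as invalid UTF-8 (false).
    if (preg_match('/[<>\'"\s]/u', $name) !== 0) {
        return null;
    }
    $reserved = ['22', '11', '33'];           // the tutorial's sample list
    return in_array($name, $reserved, true) ? null : $name;
}

// 6.3 step 5: bind the value as a parameter instead of escaping it into SQL.
function register_user(PDO $db, string $name): void {
    $stmt = $db->prepare('INSERT INTO users (username) VALUES (:u)');
    $stmt->execute([':u' => $name]);
}

$db = new PDO('sqlite::memory:');             // assumption: pdo_sqlite is enabled
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT UNIQUE)');
$session = ['code' => 'a1b2'];                // constructed sample request
$post    = ['yzm' => 'a1b2', 'username' => '  alice  '];
$name    = clean_username($post['username'] ?? null);
if (check_captcha($post, $session) && $name !== null) {
    register_user($db, $name);
}
var_dump(check_captcha($post, $session));     // same code replayed
var_dump(clean_username('<script>'));
var_dump($db->query('SELECT username FROM users')->fetchAll(PDO::FETCH_COLUMN));
```

The second `check_captcha` call is refused because the session code was discarded on first use, so a captured form cannot be resubmitted with the same code.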
This concludes part (2) of the PHP message system. I hope it is helpful to readers interested in PHP tutorials.