站点用户可以将自己的参数传递给模型函数吗?
用户可以直接访问模型内部的函数吗? 用户可以直接将参数传递给模型中的函数吗?或者,参数是否必须通过 php 传递?
换句话说: 我有一个名为通知的模型,其中有一个名为 get_notifs($user) 的函数...我使用控制器来调用该函数,例如 get_notifs($_SESSION['user_id'])(已加密)。我不希望有人能够使用除 $_session 以外的任何内容作为参数来调用 get_notifs() 。最好的解决方案是什么?
- 我已经好吗?
- 我应该将
get_notifs()重命名为_get_notifs()? - 我应该检查 方法中的
$_SESSION['user_id']本身? - 或者,还有其他更好的解决方案吗
比这些中的任何一个?
我有一个控制器:ajax.php,它加载模型通知
function __construct()
{
parent::__construct();
$this->load->helper('url');
$this->load->library('tank_auth');
$this->load->model('notification');
$this->load->model('search');
}
function get_notifs()
{
$me = $this->session->userdata('user_id');
if ($e = $this->notification->get_notif($me))
{
...........
}
else{
echo "nothing was found wtf?";
}
......................................... ……………… 模型:notification.php
function get_notifs($user){
......
}
Are functions inside of models directly accessible by users?
Can a user pass arguments directly to a function in a model? Or, do arguments have to be passed through php?
In otherwords:
I have a model called notifications and in there a function called get_notifs($user)... I use the controller to call the function like the get_notifs($_SESSION['user_id']) (which is encrypted). I don't want someone to be able to call get_notifs() with anything but their $_session as a argument. What is the best solution?
- Am I already okay?
- Should I rename
get_notifs()to_get_notifs()? - Should I check the
$_SESSION['user_id']in the method
itself? - Or, is there another better solution
than any of these?
I have a controller: ajax.php which loads the model notification
function __construct()
{
parent::__construct();
$this->load->helper('url');
$this->load->library('tank_auth');
$this->load->model('notification');
$this->load->model('search');
}
function get_notifs()
{
$me = $this->session->userdata('user_id');
if ($e = $this->notification->get_notif($me))
{
...........
}
else{
echo "nothing was found wtf?";
}
.........................................................
model: notification.php
function get_notifs($user){
......
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
你的代码完全没问题!
get_notifs()重命名为_get_notifs()吗?$_SESSION['user_id']吗?,听起来你的应用程序可能会被你自己以外的人使用,即公共开发人员,为什么你要强制开发人员编写代码你的方式,这会让他们对你的申请感到不安。
CI 仅将请求路由到控制器,用户无法访问模型或库或任何其他类,路由如下所示:
/controller/method/param第一段将仅加载控制器文件,第二个将调用 param 中的方法,并将任何其他变量(例如 param)传递给该方法。
来源:http://codeigniter.com/user_guide/overview/appflow.html
作为从上面的流程图可以看出,只有控制器可以访问模型的
Your code is perfectly fine!
get_notifs()to_get_notifs()?$_SESSION['user_id']in the method itself?it sounds liek your application may be used by people other then yourself, i.e the public developers, why would you want enforce developers to code things your way, that's going to make them upset at your application.
CI Only routes requests to a controller, the user cannot access a model or library or any other class, the route goes like so:
/controller/method/paramthe first segment will only ever load a controller file, the second will call the method in the param, passing any other variables such as param to that method.
Source: http://codeigniter.com/user_guide/overview/appflow.html
As you can see from the flow chart above, only the controller has access to the model's
如果您只在会话中使用它,最好的方法是:
当您只使用具有一个全局可用的特定变量的函数时,不需要参数。
编辑:我不知道你为什么在模型中使用函数。没有任何意义,你的意思是方法吗?
If you'll only use it while in a session the best way would be this:
There's no point of requiring an argument when you'll only use the function with one specific variable which is also available globaly.
Edit: I don't know why you're using functions in your models. Doesn't make any sense, do you mean methods?