Consider security issues, plus a token code.
He said the following about how to use thinkphp5 comes with a token to complete.
Of a moment, I did not write a more complete, TP5 document you know, but in the end still rely on documents written out
Document describes several ways, I will not speak, I can speak with a directly used. No additional redundant code and the model layer.
Ado, on the code.
Front-end code
{: Token ( '__ token__', 'sha1')} // inserted in the form of
This automatically generates a form input hidden token
Back-end code
Result = $ this- $> the validate (
[
'__token__' => INPUT ( '__ token__'),
],
[
'__token__' => 'the require | token',
]);
IF (Result to true == $!) {
/ / error information is output verification failure
the dump ($ Result);
}
This is written in the controller, the VC to the intermediate code, is a filter layer.
However, there is a problem need to take note that this form if the form is not only refreshing, then submitted once.
Like what kind of non-empty judgment rear end as far as possible at the front end filtering.
Mainly based on business scenarios come to add, lest cause unnecessary trouble.