我有一个Post模型,它具有以下验证规则:
public $validate = array(
'title' => array(
'between' => array(
'rule' => array('between', 1, 60),
'message' => 'Between 1 and 60 characters in length'
),
'format' => array(
'rule' => array('custom', '~[a-zA-Z0-9\s-]~'),
'message' => 'Alphanumeric characters, spaces and dashes (-) only'
)
),
'body' => array(
'between' => array(
'rule' => array('between', 1, 65535),
'message' => 'Between 1 and 65535 characters in length'
)
),
'slug' => array(
'between' => array(
'rule' => array('between', 1, 60),
'message' => 'Between 1 and 60 characters in length'
),
'format' => array(
'rule' => array('custom', '~[a-zA-Z0-9-]~'),
'message' => 'Alphanumeric characters and dashes (-) only'
)
)
);
我还可以插入一个新帖子,如下所示:
<?php $this->Html->script('add-post', array('inline' => false)); ?>
<h1>Add post</h1>
<?php echo $this->Form->create('Post'); ?>
<?php echo $this->Form->input('title'); ?>
<?php echo $this->Form->input('body'); ?>
<?php echo $this->Form->input('slug'); ?>
<?php echo $this->Form->end('Publish'); ?>
现在,当我提交标题类似于blog post title £$&£$^£$的表单时,它会通过并插入,尽管正则表达式与该标题中的符号不匹配。这种情况发生在使用正则表达式检查格式的所有字段上。
但是,如果我尝试提交一条未通过between规则的帖子(如标题超过60个字符),则会成功引发验证错误。
这里可能出现什么问题?
答案 0 :(得分:2)
您的正则表达式模式仅检查字符串中 where 中是否至少找到其中一个字符。因此,如果您仅发布£$&£$^£$,它将会失败,因为在该字符串中的任何位置都找不到有效字符。您应该用以下内容替换规则:
~^[a-zA-Z0-9\s-]+$~