时间:2021-07-01 10:21:17 帮助过:0人阅读
php mass assignment是什么? mass assignment 的中文怎么翻译呢
12年的时候,就有这个概念的了,最早是在Ror上面提出来的。之后Laravel也提出了这个概念。
意思是:在数据库里面创建一个条新的数据的时候,有一些不必要(不能)更新的数据在没有特别的代码过虑(filter)的情况下可能会被恶意更新(创建)。
我觉得可以翻译成:批量赋值
参考:
Ror上面的提问;
Laravel上面的回答;
StackOverFlow上面的回答;
专门的解释;
举例:
Mass assignment is when you send an array to the model creation, basically setting >a bunch of fields on the model in a single go, rather than one by one, something >like:
$user = new User(Input::all());
(This is instead of explicitly setting each value on the model separately.)
You can use fillable to protect which fields you want this to actually allow for >updating.
Let's say in your user table you have a field that is user_type and that can have >values of user / admin
Obviously, you don't want users to be able to update this value. In theory, if you >used the above code, someone could inject into a form a new field for user_type and >send 'admin' along with the other form data, and easily switch their account to an >admin account... bad news.
By adding:
$fillable = array('name', 'password', 'email');
You are ensuring that only those values can be updated using mass assignment
To be able to update the user_type value, you need to explicitly set it on the model and save it, like this:
$user->user_type = 'admin';
$user->save();
mass:
adj. 群众的,民众的;大规模的,集中的
mass assignment翻译为集中赋值
比较恰当吧。
p.s. LZ用的是Laravel框架吧?请参考:http://stackoverflow.com/questions/22279435/what-does-mass-assignment-...
Laravel5 最近看了下。我一般不翻译。