•  30-01-2021
  •  | 
  •  

Im now still learning YII on blog tutorial and curious with some code.

on this link
http://www.yiiframework.com/doc/blog/1.1/en/prototype.auth

there is code like this 

<?php
class UserIdentity extends CUserIdentity
{
private $_id;

public function authenticate()
{
    $username=strtolower($this->username);
    $user=User::model()->find('LOWER(username)=?',array($username));
    if($user===null)
        $this->errorCode=self::ERROR_USERNAME_INVALID;
    else if(!$user->validatePassword($this->password))
        $this->errorCode=self::ERROR_PASSWORD_INVALID;
    else
    {
        $this->_id=$user->id;
        $this->username=$user->username;
        $this->errorCode=self::ERROR_NONE;
    }
    return $this->errorCode==self::ERROR_NONE;
}

public function getId()
{
    return $this->_id;
}
}

and i curious with some code.

  1. Why there is no ?> at the end line of the code?
  2. at this line $user=User::model()->find('LOWER(username)=?',array($username)); why using LOWER(username)=? not LOWER(username)=. WHy there is need ?, is this some query conditional that i didn't know yet maybe?
有帮助吗?

解决方案

  1. ?> is not really needed, according to this link:

    The closing tag of a PHP block at the end of a file is optional, and in some cases omitting it is helpful when using include() or require(), so unwanted whitespace will not occur at the end of files, and you will still be able to add headers to the response later. It is also handy if you use output buffering, and would not like to see added unwanted whitespace at the end of the parts generated by the included files.

  2. the ? is related to SQL syntax as seen from here. Also the second answer here says that:

    The question mark represents a parameter that will later be replaced. Using parameterized queries is more secure than embedding the parameters right into the query.

许可以下: CC-BY-SA归因
不隶属于 StackOverflow
scroll top