发布于

Methods for Website Internationalization (Providing Multi-language Content)

For websites that use server-side templating engines (e.g., Laravel’s Blade) to render HTML documents, the approach to localization (internationalization) is as follows: For common pages like login and registration, you can use the __() function to translate text based on the lang= query parameter passed from the frontend. For other pages, the language-specific views should be placed in directories like resources/views/{language_code} (for Laravel) or public/{language_code} (where “public” refers to the web root directory).

For fully decoupled applications, such as those where the frontend is developed using MVVM frameworks like Vue.js or React.js for SPAs, and the backend is built with Laravel to provide APIs, localization methods differ. In this case, you should add language-specific subdomains at the domain level, such as cn.vuejs.org for the Chinese Vue.js site, ja.vuejs.org for the Japanese site, with the default vuejs.org serving the English version. Additionally, the database should support language-specific partitioning, where each language code has its own set of tables or databases.

发布于

网站国际化(提供多国语言内容)的方法

对于前端使用服务器端模板引擎(例如Laravel的blade)渲染输出HTML文档的开发方式,本地化(国际化)的方法是,通用的页面,例如登陆注册,可以使用__()函数根据前端传过来的lang=语言代码查询参数翻译文本。其他不同用的页面应该放在resources/views/语言代码目录(对于Laravel)或public/语言代码目录(public代表web根目录)下。

对于前后端完全分离的应用程序,例如前端使用Vue.js、React.js等MVVM框架开发SPA,服务器端使用Laravel开发并提供API给前端调用,本地化(国际化)的方法是,在域名层面添加语言代码子域,例如cn.vuejs.org、ja.vuejs.org分别显示中文Vue.js官网和日文Vue.js官网,主站vuejs.org默认英文Vue.js官网。 数据库也应该根据语言代码分库分表。

发布于

Laravel’s DB Facade Doesn’t Trigger Eloquent ORM Model Events

When using the DB facade to perform database operations in Laravel, Eloquent ORM model events like saving, saved, etc., are not triggered.

If you want to avoid triggering model events in event listeners or queued tasks, aside from using Eloquent’s saveQuietly, deleteQuietly, and similar methods, you can directly use the DB facade to execute database operations.

This approach allows you to bypass Eloquent’s event handling when necessary.

发布于

Laravel使用DB façade执行数据库操作不会触发Eloquent ORM模型事件

使用DB façade执行数据库操作不会触发saving、saved等Eloquent ORM模型事件。当我们不想在事件监听器或队列任务中触发Eloquent ORM模型事件时,除了使用Eloquent ORM模型的saveQuietly、deleteQuietly等方法之外,还可以直接使用DB façade执行数据库操作。

在Eloquent ORM模型事件监听器和队列任务中,要避免使用Eloquent模型增删改查方法,例如create、update、save等。否则会陷入调用死循环 —— 模型事件监听器分发队列任务,队列任务触发模型事件,模型事件监听器再次分发队列任务,队列任务再次触发模型事件……死循环了。

发布于

Modify and Persist Model Instances in Laravel Using the saved Event, Not the saving Event

In Laravel, don’t call the save method on a model instance inside the saving event listener.

If you need to modify a model’s field and persist it within a model event listener, make sure you’re using the saved event, not the saving event. This is particularly important when your event listeners are queued for asynchronous execution.

The saving event occurs before the model is persisted to the database. If you try to modify a field and call save() within this listener, it won’t actually persist to the database, especially when the listener is queued for async execution. For example, modifying the slug field might not actually update in the database.

Instead, use the saved event listener and call saveQuietly to persist the changes, as shown in the example:

static::saved(queueable(function (Topic $topic) {
    // If the slug is empty, translate the title into a slug
    if (!$topic->slug) {
        $topic->slug = app(SlugTranslateHandler::class)->translate($topic->title);
        $topic->saveQuietly();
    }
}));

By using the saved event and saveQuietly, you ensure that your changes are made after the model is successfully persisted, avoiding any issues with asynchronous queue execution.

发布于

Laravel框架应该在saved而不是saving事件监听器中修改模型实例并持久化

不要在saving事件的监听器中运行模型实例的save方法。

要在模型事件的闭包监听器中修改模型实例的某个字段的值并持久化,当模型事件的闭包监听器作为队列任务异步执行时,不能监听saving事件,因为该事件表示模型实例还未持久化到数据库里,因此监听器作为队列任务异步执行的话,就会导致模型实例的某个字段(例如下例的slug字段)的值不能真正持久化到数据库里(记住,不应该在saving事件的监听器里调用模型实例的save方法)。应该在saved事件监听器里saveQuietly模型实例,例如:

static::saved(queueable(function (Topic $topic) {
    // 如果slug字段无内容,就使用翻译器对title字段进行翻译
    if (!$topic->slug) {
        $topic->slug = app(SlugTranslateHandler::class)->translate($topic->title);
        $topic->saveQuietly();
    }
}));
发布于

Learn a Marketable Skill

In your twenties, life can be tough. You might find yourself struggling in the workforce, dealing with PUA (Psychological Manipulation) from bosses, managers, or small business owners. You’re not making money, and you might blame your upbringing—coming from a poor family, lacking in material wealth, mental resources, and even knowledge. It’s not your fault, right?

But in your thirties or forties, if you’re still finding it hard to make ends meet, then the blame falls squarely on you. You’re not putting in enough effort, not being ruthless enough, and most importantly, you haven’t learned a skill that guarantees your survival. You’ve wasted too many years without picking up something practical.

By “skill,” I mean something that can be monetized—blue-collar jobs like welding, auto repair, hairdressing, cooking, forklift driving, or truck driving. Or white-collar jobs like programming, writing, sales, accounting, finance trading, or legal consulting. If you’re not a government official’s child or a rich heir, you’ll have to master at least one of these.

If you want both financial security and freedom—what people often call “making money while standing”—you need to acquire a marketable skill.

As a grassroots worker, if you depend on a specific boss, team, or organization to make a living, over time, you’ll develop an unhealthy dependency. You become their servant, at their mercy, afraid to even quit.

But if you’re living off a marketable skill, no one or organization can enslave you. Your skill is market-driven—if you’re unhappy with one company, you can quit and take a break. When you’re ready, you can join another company, or even start your own business.

Remember, happiness comes from freedom, and freedom comes from courage and perseverance.

发布于

学一门市场化的手艺

二十来岁,你在社会上混得很艰难,被别人(领导、上司、小老板)各种PUA,赚不到钱,大概是你的原生家庭太穷了,物质上穷,精神上穷,认知上也穷,不是你个人的原因。

但是三四十岁,如果你还是在社会上混得很艰难,赚不到钱,那就只能怪你自己了。不够努力,不够狠心,没有学会一门安身立命的手艺,白混了这么多年的社会。

手艺,例如蓝领的电焊、汽修、理发、厨师、叉车、货车等,白领的编程、写作、销售、会计、金融交易、法律咨询等,如果你不是官富二代,你总是要学会一门的。

如果你既想要获得金钱又要获得自由,也就是俗话说的“站着把钱赚了”,你就应该学一门市场化的手艺。

你作为一个草根,如果靠某个领导、某个团队或某个组织而生存的,久而久之你就会对他们形成人生依附,变成了他们的家奴,被他们肆意拿捏,都不敢辞职。

如果你靠一门市场化的手艺而生存,靠自己的手艺吃饭,这样没有人或组织能够奴役你。因为你的技能是市场化的,这个公司或单位干得不爽了,你完全可以辞职休息一段时间,然后去另一个公司或单位照样干活,甚至自己当老板。

记住,幸福源自自由,自由源自勇气和坚忍。

发布于

Cross-Site Scripting (XSS) Attacks and Mitigation Methods

XSS (Cross-Site Scripting) is a malicious attack where an attacker injects harmful JavaScript code into a web page. When a user visits the page, the embedded JavaScript executes, allowing the attacker to target the user with malicious actions.

A common form of XSS attack is cookie theft. Websites often use cookies to identify users. If an attacker can execute JavaScript on a page, they can read and steal the user’s cookies. Once the attacker has access to the cookies, they can impersonate the user and log in to the website.

There are three primary ways to mitigate XSS attacks:

  1. Filtering User Input: Implement a “whitelist” approach to filter out potentially dangerous HTML tags and attributes. Only allow the tags and attributes deemed safe to be sent to the server, blocking everything else. This method helps prevent various forms of XSS attacks.
  2. Special Handling of Data: Use methods like PHP’s htmlspecialchars() to escape potentially harmful characters when rendering data on the webpage, ensuring that JavaScript code is not executed.
  3. Content Security Policy (CSP): Implementing a Content Security Policy (CSP) can help prevent XSS attacks by specifying trusted sources for content, restricting the execution of untrusted scripts.
发布于

跨站脚本(Cross-site Scripting,XSS)攻击及防范方法

XSS 也称跨站脚本攻击 (Cross Site Scripting),恶意攻击者往 Web 页面里插入恶意 JavaScript 代码,当用户浏览该页之时,嵌入其中 Web 里面的 JavaScript 代码会被执行,从而达到恶意攻击用户的目的。

一种比较常见的 XSS 攻击是 Cookie 窃取。我们都知道网站是通过 Cookie 来辨别用户身份的,一旦恶意攻击者能在页面中执行 JavaScript 代码,他们即可通过 JavaScript 读取并窃取你的 Cookie,拿到你的 Cookie 以后即可伪造你的身份登录网站。

有三种方法可以避免 XSS 攻击:
第一种,对用户提交的数据进行过滤。使用『白名单机制』对 HTML 文本信息进行 XSS 过滤,只通过我们认为安全的标签和属性到服务器端,未知的全部过滤掉。这种过滤机制可以有效地防止各种 XSS 变种攻击。
第二种,Web 网页显示时对数据进行特殊处理,例如PHP使用htmlspecialchars()输出。
第三种,使用内容安全策略(Content Security Policy, CSP)防止XSS攻击。

参考
https://learnku.com/courses/laravel-intermediate-training/9.x/safety-problem/12512