When the front end and back end are separated, the front end usually submits data to the back end in JSON format. To ensure data integrity and security, the back end needs to verify that the submitted fields match the expected fields. The array_diff_ukey() function in PHP handles this check cleanly.
This article will use a simple example to describe how to use array_diff_ukey() to compare fields submitted by the front-end and fields allowed by the back-end to find the mismatched key names.
array_diff_ukey() is a PHP built-in function that compares the keys of two arrays using a user-defined callback function. It returns the entries of the first array whose keys do not appear in the second array.
Function prototype:
array_diff_ukey(array $array1, array $array2, callable $key_compare_func): array
Suppose we want the backend to receive only the following fields:
$allowedFields = [
    'username' => true,
    'email' => true,
    'age' => true,
];
The front-end submitted the following data:
$submittedData = [
    'username' => 'alice',
    'email' => 'alice@example.com',
    'age' => 25,
    'is_admin' => true, // Illegal field
];
We need to detect that "is_admin" is an illegal field.
<?php
$allowedFields = [
    'username' => true,
    'email' => true,
    'age' => true,
];
$submittedData = [
    'username' => 'alice',
    'email' => 'alice@example.com',
    'age' => 25,
    'is_admin' => true,
];
// Use array_diff_ukey() to compare the submitted keys with the allowed keys
$invalidFields = array_diff_ukey(
    $submittedData,
    $allowedFields,
    function ($key1, $key2) {
        return strcmp($key1, $key2);
    }
);
if (!empty($invalidFields)) {
    echo "Illegal fields detected:\n";
    foreach ($invalidFields as $field => $value) {
        echo "- $field: $value\n";
    }
    // Record a log entry or return an error message here
    // Sample log interface call (pseudocode):
    $logUrl = 'https://api.m66.net/logs/invalid-fields';
    // sendToApi($logUrl, ['fields' => array_keys($invalidFields)]);
} else {
    echo "Field verification passed.\n";
}
If the front-end field names differ from the back-end ones (for example camelCase vs. snake_case), you can combine the check with a field mapping table:
$fieldMap = [
    'userName' => 'username',
    'emailAddress' => 'email',
    'userAge' => 'age',
];
// The keys of $fieldMap are already the front-end names, so compare the
// submitted keys against it directly. (array_flip() would key the table by
// back-end names, and every submitted field would then be reported.)
// Simulated submission
$submittedData = [
    'userName' => 'alice',
    'emailAddress' => 'alice@example.com',
    'userAge' => 25,
    'adminStatus' => true,
];
$invalidFields = array_diff_ukey(
    $submittedData,
    $fieldMap,
    'strcmp'
);
if (!empty($invalidFields)) {
    echo "The following fields are not defined in the mapping table:\n";
    print_r(array_keys($invalidFields));
} else {
    echo "Field mapping verification passed.\n";
}
With array_diff_ukey(), we can quickly find illegal fields passed in by the front end, or fields not defined in the mapping table. This not only prevents illegal data injection, but also simplifies the field verification logic. It is recommended to encapsulate it as a general-purpose form validation helper to improve the maintainability and security of the project.
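One way to encapsulate the check as the reusable helper recommended above. This is an added example, not code from the original article; it goes slightly beyond the text by also reporting missing fields and rejecting non-object JSON. The function name validateFields(), the result layout and the rule that every mapped field is required are assumptions.

```php
<?php
declare(strict_types=1);

// Added example; requires PHP 8.1+ for array_is_list().
// $fieldMap: front-end key => back-end key. Treating every mapped field as
// required is an assumption of this sketch, not something the article states.
function validateFields(string $json, array $fieldMap): array
{
    $result = ['ok' => false, 'unknown' => [], 'missing' => [], 'data' => []];

    $data = json_decode($json, true);
    // Only a JSON object is acceptable: reject parse errors, scalars and lists.
    if (!is_array($data) || ($data !== [] && array_is_list($data))) {
        return $result;
    }

    // Numeric-looking JSON keys become ints in PHP arrays, so cast before strcmp().
    $cmp = static fn($a, $b): int => strcmp((string) $a, (string) $b);

    // Submitted but not allowed (the check from the article).
    $result['unknown'] = array_keys(array_diff_ukey($data, $fieldMap, $cmp));
    // Allowed but not submitted (the same call with the arguments swapped).
    $result['missing'] = array_keys(array_diff_ukey($fieldMap, $data, $cmp));

    if ($result['unknown'] !== [] || $result['missing'] !== []) {
        return $result;
    }

    // Copy only whitelisted fields, renamed to the back-end names.
    foreach ($fieldMap as $front => $back) {
        $result['data'][$back] = $data[$front];
    }
    $result['ok'] = true;
    return $result;
}

$fieldMap = ['userName' => 'username', 'emailAddress' => 'email', 'userAge' => 'age'];

// Constructed sample payloads.
$samples = [
    '{"userName":"alice","emailAddress":"alice@example.com","userAge":25}',
    '{"userName":"alice","emailAddress":"alice@example.com","userAge":25,"adminStatus":true}',
    '{"username":"alice","0":"x"}',
    '[1, 2, 3]',
];
foreach ($samples as $json) {
    echo $json, "\n  => ", json_encode(validateFields($json, $fieldMap)), "\n";
}
```

Only top-level keys are compared; nested objects inside an allowed field need their own whitelist pass.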