Quick Reference
| Topic | File |
|---|---|
| N+1 queries, eager loading, accessors, observers | `eloquent.md` |
| Validation, middleware order, dependency injection | `controllers.md` |
| Job serialization, retries, failed jobs | `queues.md` |
| Guards, policies, gates, Sanctum tokens | `auth.md` |
| XSS escaping, components, slots | `blade.md` |
| Commands, scheduling, tinker | `artisan.md` |

Critical Rules
- Eager load relationships — `with('posts')` not lazy `->posts` in loop (N+1)
- `preventLazyLoading()` in dev AppServiceProvider — crashes on N+1, catches early
- `env()` only in config files — returns null after `config:cache`
- `$fillable` whitelist fields — `$guarded = []` allows mass assignment attacks
- `find()` returns null — use `findOrFail()` to avoid null checks
- Job properties serialize models as ID — re-fetched on process, may be stale/deleted
- `route:cache` requires controller routes — closures break cached routes
- `DB::transaction()` doesn't catch `exit`/timeout — only exceptions roll back
- `RefreshDatabase` uses transactions — faster than `DatabaseMigrations`
- `{!! $html !!}` skips escaping — XSS vector, use `{{ }}` by default
- Middleware order matters — earlier middleware wraps later execution
- `required` validation passes empty string — use `required|filled` for content
- `firstOrCreate` persists immediately — `firstOrNew` returns unsaved model
- Route model binding uses `id` — override `getRouteKeyName()` for slug
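
The `$fillable` versus `$guarded = []` rule above, as an added example that is not from the original page or from Laravel's source. `MiniModel`, `OpenUser` and `SafeUser` are hypothetical plain-PHP stand-ins (PHP 8.0+) that reproduce only the allow-list/deny-list decision Eloquent makes during mass assignment, and the request array is constructed.

```php
<?php
// Added illustration: hypothetical stand-in classes, not Laravel's own code.

abstract class MiniModel
{
    protected array $fillable = [];      // allow-list of mass-assignable keys
    protected array $guarded  = ['*'];   // deny-list; ['*'] guards everything
    public array $attributes  = [];

    public function fill(array $input): static
    {
        foreach ($input as $key => $value) {
            if ($this->isFillable($key)) {
                $this->attributes[$key] = $value;
            }
        }
        return $this;
    }

    private function isFillable(string $key): bool
    {
        if (in_array($key, $this->fillable, true)) {
            return true;                 // explicitly allowed
        }
        if ($this->fillable !== []) {
            return false;                // allow-list exists and key is not on it
        }
        // No allow-list: fall back to the deny-list.
        return !in_array('*', $this->guarded, true)
            && !in_array($key, $this->guarded, true);
    }
}

// Weak setting: empty $guarded and no $fillable, so every request key is assignable.
class OpenUser extends MiniModel
{
    protected array $guarded = [];
}

// Corrected setting: only fields a user may legitimately set are assignable.
class SafeUser extends MiniModel
{
    protected array $fillable = ['name', 'email'];
}

// Constructed request body: a profile update carrying one extra privileged field.
$request = ['name' => 'Ann', 'email' => 'ann@example.test', 'is_admin' => true];
// Same input against both models; compare which keys reach $attributes.
var_dump((new OpenUser)->fill($request)->attributes);
var_dump((new SafeUser)->fill($request)->attributes);
```

In a real application the same comparison applies to any model passed unvalidated request input through `create()`, `update()` or `fill()`.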