Questions about how MVC works?

[HGeneAnthony]

I've been reading up on MVC and I have a few questions.  I'm already familiar with splitting the data from the view but I don't know if with MVC if the controller handles the logic of checking to make sure the data is allowed or if this is handled by the model.  IE. If someone tries to add a new record should the controller check the data before it passes it to the model to make sure it's within allowed ranges or should the model handle this?  If the controller checks this should I also check it in the model?  If I don't check it in the model can this cause security issues with a public function of a class?

[mkoga]

If you are going to use the data in the controller before passing it to the model, then by all means, validate it. I like to keep validation in the model so if more than one controller uses the same model, you only need to write validation code once.

 

Also depending on the framework you use, if any, you should probably screen input before the data hits the controller. Just to cover Sql Injection and XSS.

 

Hope that helps.

[Liquid Fire]

I assume that the form itself is going to be validated with javascript which is the client side checking.  I also have in my framework, is my base model file so when any model attempts to be saved, it checked to make sure all fields marked as required are valid which makes for the server side checking.

[keeB]

Quick interjection -- while client side validation is great, JavaScript can be turned off. Always validate input.