HGeneAnthony (posted March 28, 2008):
I've been reading up on MVC and I have a few questions. I'm already familiar with splitting the data from the view, but I don't know whether, with MVC, the controller handles the logic of checking to make sure the data is allowed or if this is handled by the model. I.e., if someone tries to add a new record, should the controller check the data before it passes it to the model to make sure it's within allowed ranges, or should the model handle this? If the controller checks this, should I also check it in the model? If I don't check it in the model, can this cause security issues with a public function of a class?

mkoga (posted March 29, 2008):
If you are going to use the data in the controller before passing it to the model, then by all means, validate it. I like to keep validation in the model so if more than one controller uses the same model, you only need to write validation code once. Also, depending on the framework you use, if any, you should probably screen input before the data hits the controller. Just to cover SQL injection and XSS. Hope that helps.

Liquid Fire (posted March 29, 2008):
I assume that the form itself is going to be validated with JavaScript, which is the client-side checking. Also, in my framework, I have a base model file so that when any model attempts to be saved, it is checked to make sure all fields marked as required are valid, which makes for the server-side checking.

keeB (posted March 29, 2008):
Quick interjection -- while client side validation is great, JavaScript can be turned off. Always validate input.
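
The arrangement discussed in this thread, as an added example that is not part of any poster's code: validation lives in the model's only write path, so two different controllers get the same server-side checks whether or not client-side JavaScript ran, and values reach the database only as bound parameters. The `Product` model, its field rules, the `product` table, the controller names and the status codes are all assumptions made for illustration.

```python
import sqlite3

class Product:  # hypothetical model; table and field rules are assumptions
    RULES = {"name": (str, 1, 40), "quantity": (int, 0, 1000)}  # type, min, max

    def __init__(self, db, data):
        self.db, self.data = db, dict(data)

    def validate(self):
        errors = {}
        for field, (kind, lo, hi) in self.RULES.items():
            value = self.data.get(field)
            if value is None or value == "":
                errors[field] = "required"
                continue
            try:
                value = self.data[field] = kind(value)  # "5" from a form becomes 5
            except (TypeError, ValueError):
                errors[field] = "wrong type"
                continue
            size = len(value) if isinstance(value, str) else value
            if not lo <= size <= hi:
                errors[field] = "out of range"
        return errors

    def save(self):  # the only write path, so every caller gets validated
        errors = self.validate()
        if not errors:
            cols = list(self.RULES)  # column names come from the class, not from input
            sql = "INSERT INTO product ({}) VALUES ({})".format(
                ", ".join(cols), ", ".join("?" for _ in cols))
            self.db.execute(sql, [self.data[c] for c in cols])  # values are bound
        return errors  # empty dict means the row was written

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE product (name TEXT, quantity INTEGER)")
    return db

def form_controller(db, post):  # controller 1: web form; client-side JS may not have run
    errors = Product(db, post).save()
    return (422, errors) if errors else (200, {})

def import_controller(db, rows):  # controller 2: bulk import, same model rules
    results = {i: Product(db, row).save() for i, row in enumerate(rows)}
    return {i: errs for i, errs in results.items() if errs}
```

Keys in the submitted data that are not listed in `RULES` never reach the `INSERT`, because the column list is built from the class rather than from the request.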