[Catalyst] Form validation in insert() and update()?
mla
maurice.aubrey at gmail.com
Tue May 15 03:42:00 GMT 2007
Bill Moseley wrote:
> On Mon, May 14, 2007 at 04:44:41PM -0500, Dave Rolsky wrote:
>> On Mon, 14 May 2007, mla wrote:
>>
>>> Anyone have validation logic in the model and are happy with it?
>> There are two kinds of validation here. One is model-level validation, and
>> yes, it's in my model code. My model throws exceptions, which I trap in
>> the controller and "mess with" to make it work for the web UI.
>
> I tend to have much less validation in the "model" (if that's the ORM
> layer to the database) and instead use the database to enforce the model
> constraints, where possible.
>
> User input (such as a web form) on the other hand, has to have extra
> validation -- the database can't know the context of the update, of
> course. That's where the form validation tool comes in for me. It
> knows how to move the data from the database to an external
> representation and how to go the other direction, validating along the
> way. It's a tool the controller can use for populating and updating a
> web form, for example.
>
>> The controller might also do some validation, but all it's doing is
>> validating things specific to the controller's environment (in this case,
>> the web UI).
>>
>> Putting your model validation in the controller is a horrible violation of
>> the layering that makes MVC work. What do you do when you want to
>> insert/update/delete outside of the web UI?
>
> Which is why I like the "form" validation tools to not be specific to
> the web/HTML side of things. The HTML side of the forms are easy, anyway,
> and often require hand-customizing. That way the same "forms" can be
> used for more than just the web environment.
So you're saying you place as many constraints on the actual db tables
as possible (e.g., NOT NULL, check constraints, unique indexes, etc).
But then you rely on the form data validation to catch all the normal
user-supplied form errors, right?
You don't rely on the db to actually raise exceptions and propagate
those errors back to the user in some way, right? A db exception would
indicate that the form validation missed something and you'd just croak
in that case. Is that right?
Thanks.
More information about the Catalyst
mailing list