I was wondering whether using a Belt and Braces (Suspenders) approach to programming - and to data validation in particular - was good practice or not. This came about from the following example.
I was creating a form and I added Listeners to all the fields which should mean that the OK
button is only enabled if all the fields in the form have valid values. I was then writing the code which was run when the OK
button is clicked.
The pessimistic side of me decided that Belt and Braces never hurt anyone and it couldn't hurt to validate the form again in case there's a bug in my form logic.
But then I didn't know what to put in if the validation fails. If I do something like this:
if (! form.isValid()) {
displayErrorMessage();
}
then I have to create code to display an error message which should never be shown. Anyone maintaining this code in future is then going to worry about and possibly be confused by this in theory needless dialog. The last thing I want is someone wondering why this particular dialog is never displayed.
An option at the other end of the scale is:
if (! form.isValid()) {
throw new RuntimeException("This should never happen!");
}
Frankly, I feel dirty even typing that but perhaps there's a good reason to use it which I have missed.
So finally I ended up with:
assert form.isValid();
However, the downside of that is that it's not really belt and braces since the braces aren't there at run-time so if there is a bug in the code my form's trousers are still going to fall down as it were.
So maybe I shouldn't have the extra validation at all, but there's still a part of me which thinks it couldn't hurt.
I'd be interested to hear what you do in similar situations.
(Edit: the question is asking what is the best way to ensure the form returns valid data. Assume that the output of the form is validated again before it ends up in the database and so on.)
I don't do much UI work, but recently I found myself doing something very similar. I left in both the belt (validate each control as it changes) and the braces (check is valid again on OK_Click).
I left both in on the basis that if some future change missed validation on the control, it would be caught when the OK button is clicked.
In my head the check on OK is the real validation, and the per control validation is sugar that just enhances the users experience.
That said I haven't thought about it too much, and I don't often do UI work.
From my experience, "just in case" code is sometimes a symptom of lazy programming. I.e., I've found a solution that basically works, I'm not sure it will always work, so I'll throw in some double-checking code "just in case." If you're not sending rocket ships to the moon, this type of thing is relatively harmless, but can be very bad practice nonetheless.
For my (non-rocket-ship) business applications, I always put in error logging and a friendly message, and try to think the problem all the way through so that the users see the friendly message as infrequently as possible. If there is a problem, I'm better able to fix it because my code isn't cluttered up with all kinds of unnecessarily checks.
My coworkers generally do double-validate inputs, "just in case." I think it would depend largely on the people you work with or who will have to maintain your code. If you always double-validate, they will quickly catch on as to what you're doing. If you only sometimes double-validate, they will likely be confused. Perhaps you should consult with coworkers as to their habits? If you work alone or in a very small group, it would probably be okay to double-validate your inputs.
If I were to take over your code, I think the important thing is probably following a convention, either always or never put validation in both places. At least that way I wouldn't get confused.
Edit: As far as web programming goes, javascript is generally used to validate before inputs are sent to the server. Obviously, this isn't enough as users can turn off javascript and circumvent that validation, so server-side validation is necessary in that case. In any case where a user could maliciously or accidentally circumvent the first line of validation, it's imperative to also double-check on the back-end. I imagine this is less of a problem in Java, C#, etc.
I would also say that double validation never hurt anyone, and can only increase security.
I'd also like to bring up a point about your business logic. I assume this is a Winforms application, but the principle applies to the web as well. The UI should not be enforcing business logic. It's fine to put validation there, but it also needs to be in the business logic.
Whatever else you decide to do, just make sure you log the unexpected state and make the program fail somehow to prevent data corruption. Personally I think that is required and sufficient for a case where I'm not expecting an error.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With