Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Where does input validation happen in MVC?

Tags:

php

model-view-controller

Ok, this has probably been asked before but i cant find a definative answer. Where in the MVC pattern should validation of input happen?

I would like to say that things like empty fields and basic general validation should happen in the controller and that rules as lengths and valid characters of for example usernames / passwords etc should happen at the model layer.

However, this means spreading this burdon around the application which surely cant be good either?

Sorry if this question is naieve but I am relatively new to this type of programming and want to get things correct from the start.

like image 537
david Avatar asked Oct 10 '10 20:10

david

People also ask

Where should input validation occur?

Because it is difficult to detect a malicious user who is trying to attack software, applications should check and validate all input entered into a system. Input validation should occur when data is received from an external party, especially if the data is from untrusted sources.

What is validate input in MVC?

The ValidateInput attribute is used to allow sending the HTML content or codes to the server which, by default, is disabled by ASP.NET MVC to avoid XSS (Cross-Site Scripting) attacks. This attribute is used to enable or disable the request validation. By default, request validation is enabled in ASP.NET MVC.

Which namespace is required for validating the input data in MVC?

DataAnnotations namespace. These attributes are used to define metadata for ASP.NET MVC and ASP.NET data controls. You can apply these attributes to the properties of the model class to display appropriate validation messages to the users.

1 Answers

Validation is the job of the model.

As models have various attributes (fields), only the models can know what combination of inputs make that model valid. It's not just about whether a field is blank, or the input of that field matches some pattern, but sometimes this is a combination of field inputs, or the model's relationship to other models that determine the valid state.

Your model should encapsulate this logic so you can interrogate it ("are you valid?") and not have it spread across other parts of your code.

like image 81
Andrew Vit Avatar answered Nov 15 '22 13:11

Andrew Vit
Sign in to Comment

Related questions

With SQlite, how do you show current PRAGMA settings?
Running exec as a different user
Testing RESTful web services using PHPUnit
Git: pre-receive hook with PHP_CodeSniffer
Create order programmatically in Magento
Implementing Social Login without third party, using openid-selector
Can we set a cookie in php according to client's time?
Symfony 2 Form collection field with type file
Why split the View in MVC into a view class and a template
PHP 'else return' VS auto return
Struggling With OOP Concept
How to use dynamic urls in acceptance tests from command line with Codeception
symfony: autowiring an interface
Sudden OpenSSL Error messages: error:14090086 using file_get_contents
which unit-test framework for PHP: simpletest, phpunit or? [closed]
php mysql fulltext search: lucene, sphinx, or?
PHP mysqli reconnect problem
Sudden "MySQL server has gone away" error in PHP site
PHP Streaming MP3
Caching strategy, when does caching become pointless?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!