CodeIgniter Forums
Where in code validate/sanitize inputs? - Printable Version




Where in code validate/sanitize inputs? - Acuru - 02-23-2021

What is the best practice for where to put validation/sanitization logic? In controllers or rather in models? Since, from what I understand, controllers operate on users' demands and accept input from them, I guess that would be for me the logical place to process data, and keep models for interworking, when data is safe already. But then, I can use the same model function for sanitizing data in multiple places. I am kinda new to MVC, and since I am self-taught I am missing some basic concepts :X

I searched the forum, but the closest answer was posted years ago.


RE: Where in code validate/sanitize inputs? - InsiteFX - 02-23-2021

Models should handle your application's business logic, so that is where I would do it.

Models insert and receive the data from the database. So when doing inserts you would
want to sanitize the data before placing it into the database.


RE: Where in code validate/sanitize inputs? - iRedds - 02-23-2021

For example, I use separate classes - services for business logic.
The models in my implementation are repositories (working only with the database).


RE: Where in code validate/sanitize inputs? - Chroma - 02-25-2021

I am going to give my opinion for what it's worth.

Put it in the place that makes the most sense.

For example:
  • When getting input from the user that needs sanitising, put that in the controller.
  • When checking the calculations or output from a business process, do it there.
  • When passing data from one place to another, make sure that the data arriving is reasonable, so check it there.

As you can see, there is no one best place. It needs to be done at the input to your libraries, at the input of your controllers. Really anywhere that data can arrive bad and that will then have a knock-on effect on the rest of your application.

Make the data clean and worry less about where you check and clean it up.

Try hard to avoid GIGO (Garbage In, Garbage Out).
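
The layering discussed in this thread, as an added example that is not code from any of the posters: the controller rejects malformed request input, and the model checks again so that callers which bypass the controller are still covered. It assumes CodeIgniter 4; the `users` table, its fields, `UserModel` and the `Users` controller are hypothetical.

```php
<?php
// app/Models/UserModel.php (hypothetical model; CodeIgniter 4 assumed)
namespace App\Models;

use CodeIgniter\Model;

class UserModel extends Model
{
    protected $table         = 'users';                   // hypothetical table
    protected $allowedFields = ['email', 'display_name']; // other keys are dropped on insert/update

    // Checked on every insert()/update()/save(), whoever the caller is
    // (controller, CLI command, another library).
    protected $validationRules = [
        'email'        => 'required|valid_email|max_length[254]',
        'display_name' => 'required|alpha_numeric_space|min_length[3]|max_length[50]',
    ];
}

// app/Controllers/Users.php (hypothetical controller)
namespace App\Controllers;

use App\Models\UserModel;

class Users extends BaseController
{
    public function create()
    {
        // Boundary 1: refuse malformed request input before doing any work.
        $rules = ['email' => 'required|valid_email', 'display_name' => 'required'];
        if (! $this->validate($rules)) {
            return $this->response->setStatusCode(422)
                ->setJSON(['errors' => $this->validator->getErrors()]);
        }

        // Hand over only the fields this action expects, not the whole POST array.
        $data = [
            'email'        => $this->request->getPost('email'),
            'display_name' => $this->request->getPost('display_name'),
        ];

        // Boundary 2: the model applies its own rules; insert() returns false on failure.
        $model = new UserModel();
        if ($model->insert($data) === false) {
            return $this->response->setStatusCode(422)->setJSON(['errors' => $model->errors()]);
        }
        return $this->response->setStatusCode(201)->setJSON(['id' => $model->getInsertID()]);
    }
}
```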