Welcome Guest, Not a member yet? Register   Sign In

Hello all!

Quick question, where do you put the data validation+filtering on your CI apps..in the controller or the model?

Thanks, Respect.

It's up to you.

The way I do it is:

Model for Database calls, controller for processing, view to display data, helpers to do any additional calculation

yea i was thinking the same thing, but im debating whether I should go against the D.R.Y ideology and also the fact it guarantees security all around, saying its done correctly at the database call / model level...

Though saying you do make the validation at the model level and you find you dont need to strip out, say the html tags for whatever reason, how would you get around that? would you redefine the function in the controller? or just make a specific model for that controller? (saying you have a generic model for mundane tasks - C.R.U.D)

To me - validation is Form Processing. Not Database processing, so it should go in the controller. My opinion.

[eluser]Colin Williams[/eluser]
Quote:To me - validation is Form Processing. Not Database processing

Amen. Models are programming interfaces, and forms are user interfaces. User interfaces and programming interfaces are connected by one entity: the Controller.

And to the DRY principle, by what scenario is a form being processed by two controller functions a requirement?

Thanks! I agree 100% w/ validation being in the controller

I meant saying if you don't put the validation at the database/model level you would need to repeat unneeded code for each call using the model. So if you include a basic type of validation+filtering at the model level you would adhere to the DRY principle more. As opposed to having a repeating pattern of validation+filtering for each database call...

Hope you get what i mean, by the way im referring to the [D]ont [R]epeat [Y]ourself principal...just encase you think I have some other obscure principle in mindSmile

[eluser]Colin Williams[/eluser]
Quote:I agree 100% w/ validation being in the controller

... yet you say ...

Quote:if you don’t put the validation at the database/model level you would need to repeat unneeded code for each call using the model

... so, do you even agree with yourself? In that second quote, in clearer terms you seem to be saying, "If you validate user input in the controller, you would need to repeat validation in the model." Why would you need to validate it twice? And why then do you agree 100% with validating in the controller?

sorry, i meant that as more of a side thought...
I mean if you don't do the validation+filtering at the model level, ex. stripping out all html code and swapping in entities, you would need to write the validation out each time you make that model call in the controller and therefore you would not be using the DRY principle...

Saying you are doing this in the controller
$data = '<b>yum, html coding</b>';
$filtered_data = htmlentities($data);
$query = $this->random_model->insert($filtered_data);

You would save time by not repeating yourself to do mundane validation+filtering tasks by having that validation built into the insert() function in the model. Then you could simple do $this->random_model->insert($data); which will save you time, though you obviously would be doing more checks then just htmlentities. That's just an example.

Quote:Why would you need to validate it twice?

Im simply saying IF you have the validation setup as I mentioned above to save yourself from repeating code, and you find you don't need to strip out something that you previously have coded into the database call you would run into problems. I was just thinking out loud for a solution to it by stating you can redefine that call elsewhere, so it wouldn't be validated twice, just the validation that is being done to it would be changed.

Quote:And why then do you agree 100% with validating in the controller?
Well I agree with the validation of the controller because I found a better way (imo) to split up the model & controller. You would need a validation controller setup w/ a non-routed functions (underscored) to do the validation and communication with the model then just make all your other controllers extend it...make the calls to it when needed that way everything stays all separated and clean Smile

Sorry again if you dont understand what I mean, don't really know how i can make it much clearer then that.


[eluser]Colin Williams[/eluser]
I think you are incorrectly merging the process of validating user input with preparing data for insertion, and least in the terms of this discussion. I wouldn't burden the controller with preparing data, or even setting rules for input. Perhaps we're actually in agreement.

I spent some time thinking about this problem and came up with the following solution.

In my model I have the following:

var $validation_rules['standard'] = array (
  'name' => 'required' // etc. etc.

function set_validation_rules($rules = 'standard')
  if (is_array($rules)) {
    $this->validation->set_rules($rules) // allow the use of custom rules
  } else {

This allows me to keep all the model things in one place, and then carry out validation in the controller really easily, avoiding the need for rules in the controller except for one-off cases.


Any comments? I'm pretty new to all this.

Theme © iAndrew 2016 - Forum software by © MyBB