validation help required

[eluser]Chillahan[/eluser]
I am curious - do people use the validation class for final values to input into database (or to otherwise process)? I just use input->post once validation->run() returns TRUE - since validation doesn't clean data, I assume it's safe to use input->post (since input class is the one that cleans data anyway).

Also, I would like to note a 'best practice' of mine regarding callback functions - I always keep them prefixed with _. Note that this means in your validation rules, when you assign the validation rule, it needs to have two underscores, not just one as in the User Guide examples (i.e., __data_check, not _data_check). If you do NOT do this, then you're basically exposing that callback function for public access! Imagine what you're opening up to a hacker anytime you start a new function in a controller file - do not forget this! For example, if you have a validation to check validity of some data, or even worse, to look it up in database, you're opening a wide open hole for a dictionary attack (or at best, a DOS attack on your mySQL daemon).