Where put the referential integrity in the MVC structure of CI.

[eluser]KarlFranz[/eluser]
All in the title.

I need to validate some information.

class Contacts extends Controller
{
function save()
{
$this->load->model(');
// section 1
$this->contact_model->add($data);
}
}

class contact_model extends Model
{
function add($data)
{
//section 2
...
return (run query);
}
}

If I want to be sure if the contact to be added is linked in the client I'm in, where to put the validation.

Many people tel about the controller but the model can be load in many controllers, I don't want to copy/paste my validation in all controller using my contact_model.

[eluser]imaffett[/eluser]
The validation class acts upon data being submitted from a form. You would handle this at the model level.

I think what you are concerned about though is that you can't trust data from the form. Too many people just validate it and dump it into the active record query, without checking that primary/foreign key fields are indeed what you want. Feel free to pm me more with your concern and I can help out.

[eluser]KarlFranz[/eluser]
my fear is not data from a html form, but from other part of my application.
I work on a project with many other programmer.

a model can be call from many controller.

I only be sure then my database never have wrong data caused by bad code doing by me of my partners.

Because programmer are not god, we are human and can make errors.

I prefer getting a fatal error in developping time and fix it than, pass free, filling bad data, never see it, and put it in production.

[eluser]BrianDHall[/eluser]
Your validation would be in your model, presumably in your add() method - you validate that add can be called with the parameters submitted in that given context, and if not either return false, or send back an error string, or blatantly throw an error.

I do something similar with an edit() function in a model - there I make sure the presently logged in user should actually be editing that item before I save the results.

[eluser]KarlFranz[/eluser]
It's seen logic to me, but CodeIgniter programmer put all validation in controller, that's my problem.

Why put the validation in controller and expose you by high risk of backdoor code passing direcly by the model without validation.

Somebody can explain to me, why make model without any validation to protect your data (add/edit) no filter (get/list)

sorry, I think my english is so worst this morning.

[eluser]imaffett[/eluser]
Not sure how to respond to this. It seems like you want a framework that writes most of your code for you. Some attempt to do this, but suffer for performance issues and usability.

It's up to the developer to implement the data integrity checking. The database class is a pseudo active record class, but not all developers use it.

I use two level validation in my code. I validate the html data from the forms, and then in my model. The reason being, some of my code is web services used by desktops or handhelds that do not have XSS issues, etc. The model additionally handles data integrity. I'm the only one that touches the models. The other developers have access to the controllers and views, but I know they shouldn't' be able to pass through bad/invalid data.

[eluser]wiredesignz[/eluser]
Don't confuse input validation by the controller and data validation by the model. They are not the same thing. I think the OP understands this, but the rest of you seem confused.

[eluser]KarlFranz[/eluser]
thanks wiredesignz, I think i'm confusing about it.

I will put my data validation in the model, and put everything else in the controller.

Thanks all.

[eluser]BrianDHall[/eluser]
[quote author="KarlFranz" date="1256931750"]It's seen logic to me, but CodeIgniter programmer put all validation in controller, that's my problem.

Why put the validation in controller and expose you by high risk of backdoor code passing direcly by the model without validation.

Somebody can explain to me, why make model without any validation to protect your data (add/edit) no filter (get/list)

sorry, I think my english is so worst this morning.[/quote]

I actually agree, and don't use validation on my controller. I use Datamapper OverZealous Extension (DMZ), and it by convention uses something very much like the form validation class built entirely in the Model. I don't really write much of any validation in the controller any more, it seems so much better to do it in the model that I don't know why anyone would want to do it in the controller anymore.

So I just load $_POST into my model object and let it figure out if something passed to it was improper or insecure. I think that's the models job - to handle data. This logically should include keeping the data safe, valid, and secure.

Don't confuse others bad practice (copy/pasting validation rules into controllers all over the place) with CodeIgniter.