Validation in controllers
#1

(This post was last modified: 09-05-2019, 11:41 AM by milengardev1994.)

Hello all,

I have a general best-practices question about how to handle validation.
As far as my knowledge goes, we do form validation in the controller. For example, to check if certain fields are required, max length, etc.
In my practice I have seen that sometimes these validation checks can become quite big.
In those cases I usually separate them into different private functions in the controller so the code can be more readable and to off-load some of the function content.
However, I don't feel that having private functions in the controller and chunking things so much is a good thing, and also, in terms of reusability, it can be not so handy to keep them in the controller.

What would you suggest when you have large validation functions?
#2

You can also just grab all the data in the controller, pass them to the model and do the validation in the model. Throw an exception if it's not valid and make your controller catch the exception to display the error in the view. That way you can call the validation function from anywhere in the application.
CodeIgniter 4 tutorials (EN/FR) - https://includebeer.com
/*** NO support in private message - Use the forum! ***/
#3

@2milengardev1994,

...or you could create a private method/function that handles only validations. This way your page controllers will stay small. https://codeigniter.com/user_guide/gener...te-methods
...or you could create a helper function that handles only validations. https://codeigniter.com/user_guide/gener...-functions
...or you could create a validation library. https://codeigniter.com/user_guide/gener...aries.html

You have many options to choose from.
#4

Thank you for the answers.
I have checked all your suggestions. 
To me it seems that the validation should be done in the model, and as far as I can see that is also how it is suggested in CI4.

Regards,
#5

HTML 5 has built-in validation and should alleviate most problems:

HTML5 Attributes

HTML5 added the following attributes for <input>:

autocomplete
autofocus
form
formaction
formenctype
formmethod
formnovalidate
formtarget
height and width
list
min and max
multiple
pattern (regexp)
placeholder
required
step
#6

@John_Betong: That's a HUGE security problem. As people can just delete those from the DOM and submit XSS etc without any issue.

Personally I'm using form validation inside Controllers (with private functions to load my rules), as I'm using multiple models for saving data. So I need to validate it before processing it into my models. If I would do it again from scratch I would put my logic inside a library or extend a controller with those private functions. So that the main controller won't be so bloated.
#7

(09-15-2019, 01:25 AM)jreklund Wrote: @John_Betong: That's a HUGE security problem. As people can just delete those from the DOM and submit XSS etc without any issue.

Exactly! Validation should be done on both sides. On the frontend for better user experience (with HTML5 and JavaScript) and on the backend for security, because you can't trust what is coming from the web, even if you do validation in your form.
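The approach from posts #2, #6 and #7 as an added example (not code from any poster or from CodeIgniter): validation lives in the model, which throws, and the controller only catches, so a request that never went through the HTML5 attributes is still rejected. It is plain PHP; `ValidationException`, `UserModel`, `handleSignup()` and the field rules are assumptions made for illustration.

```php
<?php
// Added example in plain PHP, not CodeIgniter's validation library.
// ValidationException, UserModel and handleSignup() are hypothetical names.
class ValidationException extends Exception
{
    public array $errors;
    public function __construct(array $errors)
    {
        parent::__construct('Validation failed');
        $this->errors = $errors;
    }
}

class UserModel
{
    // Server-side counterparts of the form's required / maxlength / pattern attributes.
    public function validate(array $data): array
    {
        $name  = is_string($data['name'] ?? null) ? trim($data['name']) : '';
        $email = is_string($data['email'] ?? null) ? trim($data['email']) : '';
        $errors = [];
        if ($name === '') {
            $errors['name'] = 'Name is required.';
        } elseif (strlen($name) > 50 || !preg_match('/\A[\p{L} .\'-]+\z/u', $name)) {
            $errors['name'] = 'Name is too long or contains disallowed characters.';
        }
        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            $errors['email'] = 'A valid e-mail address is required.';
        }
        if ($errors !== []) {
            throw new ValidationException($errors);
        }
        return ['name' => $name, 'email' => $email];
    }
}

// Controller side: stays small, catches the exception and hands errors to the view.
function handleSignup(array $post, UserModel $model): array
{
    try {
        return ['ok' => true, 'data' => $model->validate($post)];
    } catch (ValidationException $e) {
        return ['ok' => false, 'errors' => $e->errors];
    }
}

// Constructed input: what arrives when the HTML5 attributes were stripped from the form.
var_dump(handleSignup(['name' => '<script>alert(1)</script>', 'email' => ''], new UserModel()));
var_dump(handleSignup(['name' => "Ana O'Neil", 'email' => 'ana@example.com'], new UserModel()));
```

The first call returns `ok => false` with an error for each field; the second returns the trimmed values. Output escaping in the view (as in post #8) is still needed when the accepted values are displayed.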
#8

In frontend views I use html_escape() with input and textarea.
#9

Hi, I was dealing with the same problem of where to put validation, and my conclusion is that you can do validation both in the controller (checking that the format is correct and checking against injections) and in the model (checking for data integrity). That means you can use the model from different controllers/libraries and submit data, and it will be valid as long as the model allows it. If you decide to configure form validation, you simply edit the controller, which is the only place that uses form validation. The model can be used by many other classes. If you want to keep it as slim as possible, use a private function as was suggested. This seems the most logical way.
#10

I'm using form validation inside Controllers because I consider it the best way to do it.