Re: [binarycloud-dev] validating user input

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

> This may be a little off-topic, but when is the best
> time to validate user input, and what is the best way
> to do it?
>
> Say there is an html form which takes user input, I
> imagine the data should be checked as soon as the user
> submits the form, but what is the best way to check
> that data? I've been using regular expressions so far.
>
> Will some kind of class for validating user input be
> included in binarycloud, or is it too dependent on the
> specific application?

Ah, this is good stuff.

the way it works with binarycloud r1, if you use formBuilder, is you declare
inputs, with 'simple types' like "this is text" "this is an email address"
etc which are checked with regex.

that works fairly well, but there are problems associated with doing the
validation that "high up" in the application.

in binarycloud r2, because all data I/O is through the entitymanager, we
check it there. that's 10x better for a number of reasons:
    -the same exact code is used to check _all_ incoming data, including xml
posts, html form posts, etc.
    -the same rules are associated with all data I/O
    -FormBuilder can be pretty dumb - this is great because it means you
will have central control over all of your errors, so you don't ever have to
write an error more than once, and it can be used in xml responses the same
as it is used in html forms.

so the idea with form builder, is it builds an XML profile of a form, based
on a form definition or just a default entity profile. we then run that xml
through an xsl to get html.

when the user submits data, formbuilder attempts to take that data and do an
Add() / Edit() operation for that entity. If the operation is successful,
formbuilder outputs the "success" xml, and the xslt handles it.

If there is an error, formbuilder re-builds the xml profile of the form, but
with errors inline... and again, the xslt is responsible for turning that
xml form definition into an html layout - in this case, a layout with all
the user's data in it, and a few highlighted fields, maybe some
instructions.

so the answer is, do your validation at the data i/o level, it's clean,
central, and prevents you from ever having to unnecessarily replicate logic.

_alex

> Just fishing for some advice.
>
> Thanks,
> Curtis.
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Auctions - buy the things you want at great prices
> http://auctions.yahoo.com/
>
> _______________________________________________
> binarycloud-dev mailing list
> bin...@li...
> http://lists.sourceforge.net/lists/listinfo/binarycloud-dev
>