I'm using CakePHP but it's a question about the MVC pattern. I have in my form the input-text for the tags (separated by commas). To add the tags I've created a Tag model method that basically checks if the tag exists and then adds the new tag or just adds a new unit in the tag counter (the Tag model has these fields: id, name, slug, count). In the controller I explode the tags field and pass one tag at a time. The question is: where do I sanitize data? In the controller or in the model method? I think it should be in the controller because that's where I explode, but in terms of reusability I think I should sanitize data in the model. What do you think?

+1  A: 

You'd want to sanitize it from your controller; however, "from" doesn't mean "in." Have a separate class sanitize the data - that way you can call that class from wherever you need to.

You basically want to create the contract that your model will receive good data all the time, which means you'd have to sanitize it beforehand.

MunkiPhD
Well, CakePHP has a Sanitize class and I'm using that. I was just thinking about where I had to use it. And of course I'll sanitize beforehand; in fact, in my custom method I call the save/update method after the sanitize has happened.
dierre
A: 

You should sanitize your data on the View for client-side and Controller for the server-side.

Sarfraz
+2  A: 

I would say that, strictly speaking, sanitizing your data should occur in the controller, but sanitizing also generally refers to cleaning user input to avoid many issues, such as SQL injection. Since you're using the term "sanitize" in a different context, we have to pay more attention to what that context is.

You're not cleaning up user input, which means it doesn't really need to happen in the controller. You're changing the result of this action depending on whether or not the item you're saving already exists in the database. Therefore, in my mind, it should be happening in the model (or, as MunkiPhD specified, have a method in some sort of helper class that you can call from anywhere - but I say call it in the model).

Edit: Usually, in MVC, the model knows whether it's supposed to save a new row into the database or update an existing one based on whether or not your model instance has a valid ID. If it has an ID, the model should save to the row indexed by that ID. If it does not, the model creates a new one. It's my understanding that all you want to do is know where to make it decide whether to create a new one or update an existing one, and that happens in the model.

JMTyler
Yeah, the difference in my update is that I have to add a unit to the counter, and that's not a default behaviour in the CakePHP model, but that's not a real problem.
dierre
Can you not extend the model and tell the framework to use your subclass instead?
JMTyler
+1  A: 

I disagree with sanitizing the data for storage in the controller, and think the best place to do it is in the model, as the controller should not know how the data is stored, but sanitizing needs that knowledge (e.g. mysql_real_escape_string() for storing in MySQL vs. pg_escape_string() for PostgreSQL, or maybe checking for valid XML if stored in an XML file, or something else for different storage mechanisms).

To prevent things like cross site scripting, do not sanitize the data before storing, as you may have some legitimate use for some html tags later on, and do that (ideally) in view or in controller.

Residuum
So you're basically suggesting that it all depends on what I'm sanitizing, right? In my case my tags are strictly alphanumeric and every time I have to create the slug (I check the existence of the tag using the slug). So I think I will clean the data from HTML in the controller, and I'll check for SQL injection and create the slug in the model. Is that ok?
dierre
Cleaning the data from HTML should normally be done only for output; maybe you want to have tags like `<a>`, e.g. for a web-design-related website. In that case just pass the value as is to the model and remove HTML on output only, thus keeping the HTML in the storage, where you can access it with other means, like a reporting app. Just remember that any user-generated content, even when stored, can be malicious. One method to make that clear is outlined in http://www.joelonsoftware.com/articles/Wrong.html
Residuum
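The split Residuum describes (storage-side rules such as the slug and the parameterised upsert in the model, HTML escaping only at output) in working form, as an added example that is not code from the thread or from CakePHP. It assumes PHP 8 with SQLite through PDO; the `Tag` class and the `saveTags`/`renderTag` functions are illustrative names.

```php
<?php
// Added example, not code from the thread or from CakePHP: the model owns the
// storage-side rules (slug, parameterised upsert), the controller only splits
// the field, and HTML escaping is left to the view. Assumes PHP 8 with SQLite via PDO.
final class Tag
{
    public function __construct(private PDO $db)
    {
        $db->exec('CREATE TABLE IF NOT EXISTS tags (id INTEGER PRIMARY KEY,
            name TEXT NOT NULL, slug TEXT NOT NULL UNIQUE, count INTEGER NOT NULL)');
    }
    // The slug is how tags are looked up, so its normalisation lives in the model.
    public static function slugify(string $name): string
    {
        return trim(preg_replace('/[^a-z0-9]+/', '-', strtolower($name)), '-');
    }
    // Create the tag or bump its counter; returns the new count, or null if rejected.
    // Bound parameters keep the query safe without any escaping in the controller.
    public function addOrIncrement(string $rawName): ?int
    {
        $name = trim($rawName);
        $slug = self::slugify($name);
        if ($slug === '' || strlen($slug) > 64) { return null; }
        $this->db->prepare('INSERT INTO tags (name, slug, count) VALUES (:name, :slug, 1)
            ON CONFLICT(slug) DO UPDATE SET count = count + 1')
                 ->execute([':name' => $name, ':slug' => $slug]);
        $stmt = $this->db->prepare('SELECT count FROM tags WHERE slug = :slug');
        $stmt->execute([':slug' => $slug]);
        return (int) $stmt->fetchColumn();
    }
}
// Controller role: explode the comma-separated field and hand each piece to the model.
function saveTags(Tag $model, string $field): array
{
    $result = [];
    foreach (explode(',', $field) as $piece) {
        $count = $model->addOrIncrement($piece);
        if ($count !== null) { $result[Tag::slugify($piece)] = $count; }
    }
    return $result;
}
// View role: escape at output time, so stored names keep any legitimate markup.
function renderTag(string $name): string
{
    return '<span class="tag">' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '</span>';
}
$tags = new Tag(new PDO('sqlite::memory:'));
print_r(saveTags($tags, 'PHP, php, <b>Cake</b>, ,'));   // constructed sample input
echo renderTag('<b>Cake</b>'), PHP_EOL;
```

The duplicate "php" entry increments the counter instead of creating a second row, the blank item is rejected by the model, and the markup in the third tag survives storage but is escaped by `renderTag`.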