tags:

views:

79

answers:

3
+1  Q: 

Where to keep validation logic

OK i have seen other posts about this but none really specifically answer my question.

Where in an application should validation logic be?

I have a small application that allows new products to be instered into an applications database. There are different products with different fields i.e. product name, order number, description etc. New products can be inserted and existing products can be updated. Therefore when a new product is being inserted then all fields must be validated but when an existing product is being updated then only the fields being updated need to be validated i.e. maybe just the descirption is being updated so only that field should be validated.

Im thinking of an abstract class and two concrete classes for full and part product validators, each having their own validation logic contained at class level.

I have the feeling though that there must be a better pattern for this - any advice?

+1  A: 

Assuming that you are using the MVC pattern for your project, validation logic would belong in the model. If you are working on an n-tier project, put the validation logic in your business layer and make sure that no entities can be written without previous validation.

But I would always validate the entire object. Sorting out what has been changed and validating only that seems like overkill. Unless of course you know exactly (by measuring) that this is going to be a performance issue.

Adrian Grigore  2010-09-05 21:39:57
+1  A: 

Where in an application should validation logic be?

Depends on your architecture. Validation can be handled in multiple stages to achieve responsiveness. Typically, though the model/controller seems like a good place in a given MVC architecture. This question came up sometime back on Joel's old forum in context of the MVC architecture. It seems plausible that the model should be responsible for accepting/rejecting input.

Therefore when a new product is being inserted then all fields must be validated

Yes.

but when an existing product is being updated then only the fields being updated need to be validated i.e. maybe just the descirption is being updated so only that field should be validated.

You cannot possibly foretell which exact part will be updated. So, you'll need to write validators for all fields (columns of your database).

You could simplify life and have a single validator class (unless of course validating a particular set of attributes is too complicated/time consuming).

dirkgently  2010-09-05 21:42:59
I will know if its a part or whole product as my validator will get passed an array of fields to validate. If the product id exists in the system then it is assumed, quite rightly, that we are dealing with an update as opposed to an insert. Therefore i have two paths depending on whether the product exists. This is my first check. Should i therefore create a method per field which validates that field, and each validator class - part and whole - can then have its own logic for calling its required methods?
Bob  2010-09-05 21:48:08
@Bob: Differentiating an _update_ from an _insert_ is easy. Sometime back I worked on SOA based WebService and had this exact problem to solve. What I did was to put in validators for each field (instead of forking out a class for each of them as the fields were mostly of scalar/trivial types). The query creation logic (which concatenated the fields to a SQL statement) automatically invoked validation. Also note that I would recommend using existing validators than rolling your own. If however you _have to_ roll your own learn about whitelists/blacklists.
dirkgently  2010-09-05 21:55:50
When validating an update, how do you deal with the large amount of conditional statements required to check exactly which fields are being updated and which arent? Or do you just accept that this is going to happen with updates?
Bob  2010-09-05 21:58:34
As I said the validation is done in bits and pieces. Say I have an `Employee` record with `name` and `mobile` fields. I would somehow need to create a SQL statement of the form `update ...`. In order to do that I pass in the array of parameters to be updated as a map of _fieldname_ and _fieldvalue_ and accordingly invoke the appropriate _fieldvalidator_. I was lucky with PHP as this is trivially solved :-) Alternatively, if you know for sure that only a small sub-set of fields will ever get updated you can create a set of custom _update-validators_. This can later become a maintenance issue.
dirkgently  2010-09-05 22:06:48
A: 

There are several places where you can and should do validation, because there are different levels of validity:

  1. On the client side, fields that are required can be checked upon tabbing off of a UI control; strings that need to match regular expressions such as "yyyy-MM-dd" for dates should be checked. On web UIs, this is usually done using JavaScript.
  2. On the server side, objects should be checked for validity as input parameters are bound.
  3. Objects that are valid still have to be checked for "business validity" when processed (e.g., "a valid credit card number is required when paying by credit card").

You should do both client and server side validation. Binding and validation is done by your service tier when input is bound to objects. They also check against business rules when processing to fulfill a use case.

duffymo  2010-09-05 21:52:12

related questions

Beyond GoF design patterns
What are some real life examples of Design Patterns used in software
What is a good online resource for css 'design patterns'?
In C#, isn't the observer pattern already implemented using Events?
A more generic visitor pattern
Is there a simple, elegant way to define Singletons in Python?
Where do I use delegates?
Using MVP - How to use Events Properly for Testing
Java Singleton vs static - is there a real performance benefit?
Abstract Factory Design Pattern
What is MVC and what are the advantages of it?
Beyond design patterns?
Best book/resource for learning Java design patterns?
What Are Some Examples of Design Pattern Implementations Using JavaScript?
Transactional Design Pattern
Can you really build a fast word processor with GoF Design Patterns?
Singletons: good design or a crutch?
File Parse Design Pattern
Do you use design patterns?
Do you know any patterns for GUI programming? (Not patterns on designing GUIs)
Unit of Work Pattern in .Net
What's your favourite way of interacting with DBs from your programming language?
Why all the Active Record hate?
What JavaScript patterns do you use most?
How do I create a Class using the Singleton Design Pattern in Ruby?