Where is the best place to define validation for a field?

Question

A name field needs to be verified as starting with a capital letter and not being allowed to take a number. I'll do this with regular expressions. Implementing the MVC pattern.

Should I have the controller send the value that was input to a checking class and send corresponding error msg's back to the UI and after checking then call the class that writes it to the DB
OR
should I have the controller send the 'value input' to the class that writes it to the DB and this method then calls the validation method?

Answer 1

The first approach seems more correct because the db access logic shouldn't be mixed with validation.

Answer 2

you can use something like this (i've used for email validation)

    [Required(ErrorMessageResourceType = typeof(CCSModelResources), ErrorMessageResourceName = "ANTCommonTextRequiredMessage")]
    [RegularExpression(@"^[a-zA-Z][\w\.-]*[a-zA-Z0-9]@[a-zA-Z0-9][\w\.-]*[a-zA-Z0-9]\.[a-zA-Z][a-zA-Z\.]*[a-zA-Z]$",
        ErrorMessageResourceType = typeof(CCSModelResources), ErrorMessageResourceName = "ANTCommonTextRegularExpressionMessage")]
    public new string EmailAddress 
    {
        get { return base.EmailAddress; }
        set { base.EmailAddress = value; } 
    }

and you controller code like

    [Authorize]        
    [HttpPost]
    public ActionResult UpdatePersonalDetails(FormCollection form)
    {
        regUserWizard.PersonalDetails = new MVCPersonalDetails();

        if (!TryUpdateModel<MVCPersonalDetails>(regUserWizard.PersonalDetails, form.ToValueProvider()))
        {
            return View("UpdateUser", regUserWizard);
        }
else
        {
            //you code
        }

        return RedirectToAction("Index", "Home");
    }

you view code like

< %= Html.ValidationSummary("Account creation was unsuccessful. Please correct the errors and try again.") %> <% Html.EnableClientValidation(); using (Html.BeginForm()) { %> //you code

Answer 3

THe purpose of the controller is to validate input and provide valid input to models. Your model should not be concerned with what inputs is provided by the views. It should concentrate on Business logic only. You can add some validation code on the client side for ease-of-use as well but it needs to be present on server side too for security purpose.

Your 1st approach is correct...go ahead with it...

Answer 4

In my opinion, it all depends on what kind of validation you want to perform:
1. If you don't want a field to be empty, I will do that check on the view layer. This is where most regex could be applied.
2. If I want to ensure that a user input(, say a username) is unique or not , I will do that validation on the controller side and pass any feeback back to the view. In the latter, the controller might have a dependency on an abstraction of a data access layer or service layer to do the actual checking.