fab2008 wrote:
>
> Hi all,
>
> I want to ask a simple question about validating user input especially the
> input from the url taken with $this->_getParam(). An example:
>
> Currently I write my models assuming that the parameters are correct, this
> mainly because the data are taken using a Zend_Form subclass and the
> validators make the hard job, but I have a doubt because on the other side
> the model classes are not safe used alone and they often needs controls on
> params correctness otherwise they may go into an inconsistent state, or
> even worse they could have some security vulnerability if used without
> those checks.
>
> What do you suggests?
>
I believe the consensus around here is the fat model skinny controller
concept, try searching the news group on Nabble for it, basically your model
should handle all it's ins and outs from any data and your controller does
very little other than call various models as required.
You may also want to look in to Zend_Form and it's use as a validator which
you can then call in your model to validate and filter the data.
In short it's probably 'best' to change to your second method!
Simon
-----
Simon
http://www.ajb007.co.uk/
--
View this message in context:
http://www.nabble.com/Models-and-input-validation-best-practices-tp22691571p22696829.html
Sent from the Zend Framework mailing list archive at Nabble.com.
