Best practices for validating request params?

[Sonny Sukumar]

Hi guys,

I was wondering what the best way is to validate request parameters.  I have 
a few questions:

1.) What is the best way to validate the *existence* of all expected request 
params (both for simple queries and for posting form data)?

By this, I mean I'd ideally like to notify the client if any request param 
wasn't sent.  I was thinking I could write a dedicated action to do this 
validation before another action extracts/formats the values.

2.) Do you think it is even a good practice to take the time/effort/cpu 
power to validate that all expected request params were sent and notify the 
client if they were not?

Otherwise, my action that extracts/formats the values would just end up 
throwing things like NullPointerExceptions, NumberFormatExceptions, etc. 
when it tries to extract/format the values.  This doesn't seem very elegant 
at all to me, even if I do wrap them in ProcessingExceptions before throwing 
them.

One other reason I don't want to throw these seemingly odd and random 
exceptions is because they'll just give a stack trace that says my code 
failed on Line XXX.  On my team we have another development group that is 
working on buiding the actual XHTML webpages and making sure they work with 
the backend.  So these sorts of exceptions and stack traces won't help them 
at all to figure out what went wrong.  If I notify them they forgot a param, 
they can say Oh , I forgot to pass the XYZ param--that's why it's failing 
and fix their XHTML code in short order.

I'm interested to hear all of your thoughts!

Thanks,

Sonny

_
STOP MORE SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Best practices for validating request params?

[Simon Price]

You may want to take a look at the (from my dodgy memory) req-params 
action which does a simple existential check on request parameters. 
There's an example of its use in the modular database sample code's sitemap.

Cheers

Simon

Sonny Sukumar wrote:
Hi guys,

I was wondering what the best way is to validate request parameters.  I 
have a few questions:

1.) What is the best way to validate the *existence* of all expected 
request params (both for simple queries and for posting form data)?

By this, I mean I'd ideally like to notify the client if any request 
param wasn't sent.  I was thinking I could write a dedicated action to 
do this validation before another action extracts/formats the values.

2.) Do you think it is even a good practice to take the time/effort/cpu 
power to validate that all expected request params were sent and notify 
the client if they were not?

Otherwise, my action that extracts/formats the values would just end up 
throwing things like NullPointerExceptions, NumberFormatExceptions, etc. 
when it tries to extract/format the values.  This doesn't seem very 
elegant at all to me, even if I do wrap them in ProcessingExceptions 
before throwing them.

One other reason I don't want to throw these seemingly odd and random 
exceptions is because they'll just give a stack trace that says my code 
failed on Line XXX.  On my team we have another development group that 
is working on buiding the actual XHTML webpages and making sure they 
work with the backend.  So these sorts of exceptions and stack traces 
won't help them at all to figure out what went wrong.  If I notify them 
they forgot a param, they can say Oh , I forgot to pass the XYZ 
param--that's why it's failing and fix their XHTML code in short order.

I'm interested to hear all of your thoughts!

Thanks,

Sonny

_
STOP MORE SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



--

---
Simon Price
Institute for Learning and Research Technology
University of Bristol
8-10 Berkeley Square
Bristol BS8 1HH
United Kingdom
Direct: +44 (0)7071 226 720
Office: +44 (0)117 928 7193
Fax: +44 (0)117 928 7112
[EMAIL PROTECTED]
http://www.ilrt.bristol.ac.uk
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]