Re: Data validation

[prev] [thread] [next] [Date index for 2004/11/10]

On Wed, 2004-11-10 at 09:38, Kingsley Kerce wrote:
> (BTW, if this is too off-topic for
> CDBI, what forums are appropriate?  I'm familiar with the c2 wiki, but
> it's often over-abstract.)

If you're using mod_perl for your application, the mod_perl mailing list
is a good place for discussing how to structure web apps.

> Why not perform all -- or most -- data validation at the RDBMS level?

Others have pointed out that many people aren't using Postgres or don't
like the way they have to specify these things with Postgres.  I would
add that there are many kinds of validation which are difficult to do 
even with Postgres, unless you use perl inside the database.  You may
want to run regexes, or use modules that encapsulate some tricky
business logic, or validate things in a way that depends on something
else about the current state of the application.  These are easy with
Class::DBI, but not with a database.

Yes, you could run a perl interpeter inside Postgres, but I find that
objectionable on many levels, the simplest being that the database is
pretty much always the bottleneck in web apps and my goal is to drag
stuff out of it, not put more into it.  I still use basic referential
integrity checks in any database that supports it, but I don't do more
than that at this level.

I've tried validation in various places over the years.  In theory, your
data access objects, i.e. Class::DBI, are the right place to do it. 
Putting this kind of information in your controller code makes it
tightly coupled to your data model and screws up your encapsulation. 
You don't want your shopping cart controller to know about credit card
formats; you want your order class to know about them.

The problem is that when you do it this way you end up having to write
code that carefully checks for exceptions on all of your calls to
Class::DBI objects (or maybe just updates, but somewhere it has to
check), and then ferries any errors up to the template for display. 
This isn't so bad, but it's more work than the very easy
Data::FormValidator approach.  You also have potential problems with
non-transactional databases if the error checking is not done until
objects try to update, and some go through while others fail.  Not an
issue for InnoDB, Postgres, Oracle, etc.

Anyway, at this point, although I think it's probably the wrong place to
do it, I use Data::FormValidator because it's so easy.

- Perrin