Hi Matthew and every body,
First a use case:
On an i18n application the user can chose is preferred date format for
display and input.
Let’s say 'dd/MM/YYYY'.
I n the backend I will need a validator to validate the date format and
a filter to convert the date to a Mysql format 'YYYY-MM-dd'.
But here the validation against 'dd/MM/YYYY' won’t work because the date
will be filtered before validation. Well, an easy work around will be to
validate against the 'YYYY-MM-dd' format but it sound not very clean and
I could not use an error message saying the right format to use.
So I’m wondering if data should be filtered prior to validation. Is
there some security concern?
While I see some advantage to filter data, like removing white space,
before it is validated. It looks better to me to run it after the
validation and let know the user that is input is wrong. Then filter
data for formatting and security.
Best Regards,
--
Laurent Melmoux
Annecy, France