On Wed, Mar 25, 2009 at 5:06 PM, Simon Corless <si...@sico.co.uk> wrote:

>
> fab2008 wrote:
> >
> > Hi all,
> >
> > I want to ask a simple question about validating user input, especially
> > the input from the URL taken with $this->_getParam(). An example:
> >
> > Currently I write my models assuming that the parameters are correct,
> > mainly because the data are taken using a Zend_Form subclass and the
> > validators do the hard job, but I have a doubt because on the other
> > side the model classes are not safe when used alone and they often need
> > controls on params correctness, otherwise they may go into an
> > inconsistent state, or even worse they could have some security
> > vulnerability if used without those checks.
> >
> > What do you suggest?
> >
>
> I believe the consensus around here is the fat model, skinny controller
> concept; try searching the news group on Nabble for it. Basically, your
> model should handle all its ins and outs from any data and your
> controller does very little other than call various models as required.
>
> You may also want to look into Zend_Form and its use as a validator, which
> you can then call in your model to validate and filter the data.
>
> In short it's probably 'best' to change to your second method!
>
> Simon
>

I, too, use Zend_Form's validators; then all you need to do in your
add/edit method is call:

if (!$form->isValid($data)) {
       return false;
}

If anyone has a really good regexp or 2 for cleaning up various inputs by
the way, I'd *LOVE* to see them.
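
Added example, not part of the original thread or of Zend Framework itself: a model that runs a Zend_Form subclass as its own validator, so it rejects bad input even when called without a controller, and stores only the filtered values of declared fields. It assumes Zend Framework 1 is on the include_path; Form_Article, Model_Article, the field names and the input arrays are hypothetical.

```php
<?php
// Added example. Assumes Zend Framework 1 is on the include_path.
require_once 'Zend/Form.php';

// Hypothetical form: the single definition of what valid article data is.
class Form_Article extends Zend_Form
{
    public function init()
    {
        $this->addElement('text', 'id', array(
            'required'   => true,
            'filters'    => array('StringTrim'),
            'validators' => array('Digits'),
        ));
        $this->addElement('text', 'title', array(
            'required'   => true,
            'filters'    => array('StringTrim', 'StripTags'),
            'validators' => array(array('StringLength', false, array(1, 100))),
        ));
    }
}

// Hypothetical model: validates on every call, so it is safe without a controller.
class Model_Article
{
    protected $_rows = array();   // in-memory stand-in for a database table
    protected $_errors = array();

    public function save(array $data)
    {
        $form = new Form_Article();
        if (!$form->isValid($data)) {
            $this->_errors = $form->getMessages();
            return false;
        }
        // Store only the filtered values of declared elements, never raw $data.
        $clean = $form->getValues();
        $this->_rows[$clean['id']] = $clean;
        return true;
    }

    public function getErrors() { return $this->_errors; }
    public function getRows()   { return $this->_rows; }
}

// Constructed input, e.g. what a controller would collect with $this->_getParam().
$model = new Model_Article();
var_dump($model->save(array('id' => '42', 'title' => ' <b>Hello</b> ', 'is_admin' => '1')));
var_dump($model->save(array('id' => '42abc', 'title' => '')));
print_r($model->getErrors());
```

Because the model reads from getValues() instead of the raw array, the undeclared is_admin key in the first call never reaches storage.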
