On Wed, Mar 25, 2009 at 5:06 PM, Simon Corless <si...@sico.co.uk> wrote:
>
> fab2008 wrote:
> >
> > Hi all,
> >
> > I want to ask a simple question about validating user input, especially the
> > input from the URL taken with $this->_getParam(). An example:
> >
> > Currently I write my models assuming that the parameters are correct, this
> > mainly because the data are taken using a Zend_Form subclass and the
> > validators make the hard job, but I have a doubt because on the other side
> > the model classes are not safe used alone and they often need controls on
> > params correctness otherwise they may go into an inconsistent state, or
> > even worse they could have some security vulnerability if used without
> > those checks.
> >
> > What do you suggest?
> >
>
> I believe the consensus around here is the fat model skinny controller
> concept, try searching the news group on Nabble for it, basically your model
> should handle all its ins and outs from any data and your controller does
> very little other than call various models as required.
>
> You may also want to look into Zend_Form and its use as a validator which
> you can then call in your model to validate and filter the data.
>
> In short it's probably 'best' to change to your second method!
>
> Simon
>

I, too, use Zend_Form's validators, then all you need to do is in your add/edit method, call:

    if (!$form->isValid($data)) {
        return false;
    }

If anyone has a really good regexp or 2 for cleaning up various inputs by the way, I'd *LOVE* to see them.
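
The pattern discussed in this thread, as an added example that is not code from any of the posters: a model that carries its own Zend_Form rules, so it rejects bad input no matter who calls it. It assumes Zend Framework 1 is on the include path; the class name `Application_Model_Article`, its fields and the sample inputs are hypothetical.

```php
<?php
// Added example, not from the thread. Assumes Zend Framework 1 is on the include path.
require_once 'Zend/Form.php';

// Hypothetical model: it owns its validation rules, so it is safe to call
// from a controller, a CLI script or a test without any prior checks.
class Application_Model_Article
{
    /** @return Zend_Form used only as a validator/filter chain, never rendered */
    public function getForm()
    {
        $form = new Zend_Form();
        $form->addElement('text', 'id', array(
            'required'   => true,
            'filters'    => array('StringTrim'),
            // Allow-list: digits only, within the range of a signed 32-bit key.
            'validators' => array('Digits', array('Between', false, array(1, 2147483647))),
        ));
        $form->addElement('text', 'title', array(
            'required'   => true,
            'filters'    => array('StringTrim', 'StripTags'),
            'validators' => array(array('StringLength', false, array(1, 200))),
        ));
        return $form;
    }

    /** @return array|false filtered values, or false when validation fails */
    public function edit(array $data)
    {
        $form = $this->getForm();
        if (!$form->isValid($data)) {
            return false;
        }
        // getValues() returns the filtered values of declared elements only,
        // so unexpected keys in $data never reach the persistence code.
        $clean = $form->getValues();
        $clean['id'] = (int) $clean['id'];
        // Persisting $clean is omitted here; storage is not discussed in the thread.
        return $clean;
    }
}

// The controller stays thin, e.g. inside an action:
//   $model->edit(array('id' => $this->_getParam('id'), 'title' => $this->_getParam('title')));
$model = new Application_Model_Article();
var_dump($model->edit(array('id' => '42', 'title' => ' Hello ', 'is_admin' => 1))); // constructed input
var_dump($model->edit(array('id' => '42 OR 1=1', 'title' => 'x')));                 // constructed input
```

Because the rules live in the model, the URL parameter read with `$this->_getParam()` gets the same checks as a posted form field.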