Where to check query string values?

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Where to check query string values?

Post by social_experiment »

In a recent project I thought about this issue: where to test the query string value? In this example the value retrieved from the query string looks like this:

page.php?id=5

Code:

if (checkValidId($_GET['id']) == 1) {
 // id is valid: continue processing
 if (isset($_POST['btn'])) {
  // form was submitted: apply the change
  modifyInformation();
 }
 else {
  // nothing submitted yet: show the form
  displayForm();
 }
}
else {
 // checkValidId() returned 0
 echo 'Invalid id';
}

The value of $_GET['id'] is tested before it is passed to the modifyInformation() function. If it is valid, the script continues processing. If 0 is returned, an error message is echoed to indicate that the value is not correct.

My question: Where is the best place to test for validity of a value (or values) retrieved from the query string? Obviously before the value is used to manipulate the database but do you create something like my example or do you do the checking in modifyInformation() or elsewhere?
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto

Re: Where to check query string values?

Post by John Cartwright »

My models will usually be able to validate themselves. I.e.,

Code:

$user = new User();
$user->firstname = 'John';
$user->lastname = 'Cartwright';
$user->email = 'bademailformat.com';

if ($user->save()) {
   //success
} else {
   $errors = $user->getValidationErrors();
}

This is a good way to keep your business logic out of your controllers.

Re: Where to check query string values?

Post by social_experiment »

Yeah, that looks much cleaner (and more efficient). A question on the example you made: do you validate in the save() method?

Re: Where to check query string values?

Post by John Cartwright »

social_experiment wrote: Yeah, that looks much cleaner (and more efficient). A question on the example you made: do you validate in the save() method?

It is completely up to you how to implement it, but you generally want to have some schema of the data you're expecting. Here is a very simplified version of what I generally do:

Code:

class User
{
   public function save() 
   {
      // Only persist data that passes validation
      if ($this->validate()) {
         //save 
         return true;
      }
      return false;  
   }

   public function validate() 
   {
      // Schema of the data this model expects
      $validator = new Validator();
      $validator->addRule('username', new Validator_Rule_NotEmpty());
      $validator->addRule('email', new Validator_Rule_Email());

      // Keep the messages so the caller can read them after a failed save()
      if (!$valid = $validator->isValid($this->_data)) {
         $this->_setValidationMessages($validator->getErrors());
      }
      
      return $valid;
   }
}
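
The two approaches discussed in this thread can be combined: narrow the query string value to a typed id at the request boundary, and let the model re-check its own fields before saving. The following is an added example, not code from either poster; parseId(), the array standing in for the database, and the sample inputs are assumptions made for illustration.

```php
<?php
// Boundary check: a query-string value arrives as a string, is missing, or is
// an array (?id[]=5). Accept only a positive decimal integer, returned as int.
function parseId($raw): ?int
{
    $id = is_string($raw)
        ? filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]])
        : false;
    return $id === false ? null : $id;
}

// Hypothetical model: re-checks its own fields, so save() is safe from any caller.
class User
{
    public $id;
    public $email = '';
    private $errors = [];

    public function validate(): bool
    {
        $this->errors = [];
        if (!is_int($this->id) || $this->id < 1) {
            $this->errors['id'] = 'id must be a positive integer';
        }
        if (filter_var($this->email, FILTER_VALIDATE_EMAIL) === false) {
            $this->errors['email'] = 'email is not a valid address';
        }
        return $this->errors === [];
    }

    public function save(array &$store): bool
    {
        if (!$this->validate()) {
            return false;
        }
        $store[$this->id] = $this->email; // stand-in for the database write
        return true;
    }

    public function getValidationErrors(): array { return $this->errors; }
}

// Constructed inputs standing in for $_GET['id'] and a posted email.
$store = [];
$samples = [['5', 'a@example.com'], ['5abc', 'a@example.com'], [['5'], 'a@example.com'], ['7', 'bademailformat.com']];
foreach ($samples as [$rawId, $email]) {
    $user = new User();
    $user->id = parseId($rawId);
    $user->email = $email;
    echo $user->save($store) ? "saved {$user->id}\n" : implode('; ', $user->getValidationErrors()) . "\n";
}
```

Because the model rejects a null or non-integer id on its own, a code path that forgets to call parseId() still cannot reach the write.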