Validate Windows Forms Data
-
OK, i'm building an application where a user will be required to enter customer data which will later be stored in a database. As an example, the user may have to enter the customers email address into a text box. Now obviously, there has to be some kind of validation between the data being entered in the UI and stored in the database not only to avoid sql injection but also to check the format etc. My question is where the validation should occur? Should there be an emailAddress object which performs such validation? It doesn't seem the right approach to attach all the validation to the UI. Regards Wayne Phipps ____________ Time is the greatest teacher... unfortunately, it kills all of its students View my Blog
-
OK, i'm building an application where a user will be required to enter customer data which will later be stored in a database. As an example, the user may have to enter the customers email address into a text box. Now obviously, there has to be some kind of validation between the data being entered in the UI and stored in the database not only to avoid sql injection but also to check the format etc. My question is where the validation should occur? Should there be an emailAddress object which performs such validation? It doesn't seem the right approach to attach all the validation to the UI. Regards Wayne Phipps ____________ Time is the greatest teacher... unfortunately, it kills all of its students View my Blog
You didn't specify whether this was a web app or a winforms app. The answer is different depending on that. In a web application, the answer is it should be done on both the UI *and* on the server side. This is because it is possible to circumvent form controls by writing automation scripts that ignore UI validation. You should be validating on both ends--on the client side to provide quick feedback to the user without a round-trip to the server, and on the back end in case something slipped past the client validation. If, however, you are building a winforms application, it depends on how much detail you give to your design. Good multi-tier design might have you place validation in a business rule, however, there is virtually no danger that the user will hijack the request in a winforms app which means you could validate once on the control and not have to worry about getting bad data. Anyhow, a google search will provide you with a lot of information on how to validate user data using C#. -Matt ------------------------------------------ The 3 great virtues of a programmer: Laziness, Impatience, and Hubris. --Larry Wall
-
You didn't specify whether this was a web app or a winforms app. The answer is different depending on that. In a web application, the answer is it should be done on both the UI *and* on the server side. This is because it is possible to circumvent form controls by writing automation scripts that ignore UI validation. You should be validating on both ends--on the client side to provide quick feedback to the user without a round-trip to the server, and on the back end in case something slipped past the client validation. If, however, you are building a winforms application, it depends on how much detail you give to your design. Good multi-tier design might have you place validation in a business rule, however, there is virtually no danger that the user will hijack the request in a winforms app which means you could validate once on the control and not have to worry about getting bad data. Anyhow, a google search will provide you with a lot of information on how to validate user data using C#. -Matt ------------------------------------------ The 3 great virtues of a programmer: Laziness, Impatience, and Hubris. --Larry Wall
Initially, the app will be winforms based with a view to adding a web based customer portal further into the project. My reason for asking these questions now is an attempt to avoid hard coding potential problems into the design but I also have a desire to keep this as simple as possible. Regards Wayne Phipps ____________ Time is the greatest teacher... unfortunately, it kills all of its students View my Blog
-
Initially, the app will be winforms based with a view to adding a web based customer portal further into the project. My reason for asking these questions now is an attempt to avoid hard coding potential problems into the design but I also have a desire to keep this as simple as possible. Regards Wayne Phipps ____________ Time is the greatest teacher... unfortunately, it kills all of its students View my Blog
Items like this don't, in my experience, create major design issues. Larger business rules such as (and I'm making this up) "Child record can only be entered if Parent record field 'hasChild' is checked" tend to be what cause more problems from a design perspective if you hard code them. You might later decide you want to determine whether a parent has a child based on whether or not there are actually any child records related to a parent record, so such a validation would be done more at the database level (I hope I'm not being to obscure here). Simple "sanity checking", so to speak, won't create major design flaws that will cause you to have to start over. You might have to tweak the patterns you are using, but there is not a lot of danger in doing so and will in all liklihood be necessary. In practice I almost always just add the basic validation to both the client and server (or just the form in winforms) without providing some larger design structure for it. That's me though. I'm sure there are other opinions. ;-) -Matt ------------------------------------------ The 3 great virtues of a programmer: Laziness, Impatience, and Hubris. --Larry Wall