您在哪里可以在Web应用程序中记录表单数据的验证规则？ [英] Where do you record validation rules for form data in a web application?

问题描述

假设您有一个网页表单，其中包含一些要验证的字段，只能是字母数字的一部分，最小或最大长度等。

您可以验证在客户端使用javascript，您可以将数据发回服务器，并通过ajax报告给用户。您可以在数据库中使用验证规则，并以这种方式向用户推送错误消息。

或以上所有的任何组合。

如果您想要一个地方保留对数据库持久的Web应用程序用户数据的验证规则，那么最好的做法，模式或一般的好建议是什么？

我已经编辑了问题标题，以更好地反映我的实际问题！一些很棒的答案到目前为止btw。

解决方案

所有上述内容：

<

客户端验证对用户来说更为方便。

但是您不能信任客户端，因此代码隐藏也应该验证

类似的数据库不能信任你验证过，所以在那里验证

编辑：我看到你已经编辑了这个问题，要求一个单一的规范验证规则。这被称为数据字典（DD），并且是有益于在不同层中生成验证规则的好事。然而，大多数系统并不会让您感到不舒服，如果您永远不会遇到这样的事情; - ）

一个可能/简单的DD设计对于现代的3层系统，可能只包括一般的max-size / min-size / datatype信息 - 一个Javascript表达式/函数字段，C＃assembly / class / method字段和一个sql表达式字段。 JavaScript可以插入客户端验证，C＃信息可以用于反映加载/调用服务器端验证，并且sql表达式可以用于数据库验证。

但是，虽然这在理论上都很好，但我不知道在实践中实际执行的任何真实世界的系统（尽管它听起来像一个好主意）。

如果你这样做，让我们知道如何去！

Say you have a web form with some fields that you want to validate to be only some subset of alphanumeric, a minimum or maximum length etc.

You can validate in the client with javascript, you can post the data back to the server and report back to the user, either via ajax or not. You could have the validation rules in the database and push back error messages to the user that way.

Or any combination of all of the above.

If you want a single place to keep validation rules for web application user data that persist to a database, what are some best practices, patterns or general good advice for doing so?

[edit]

I have edited the question title to better reflect my actual question! Some great answers so far btw.

解决方案

all of the above:

1. client-side validation is more convenient for the user
2. but you can't trust the client so the code-behind should also validate
3. similarly the database can't trust that you validated so validate there too

EDIT: i see that you've edited the question to ask for a single point of specification for validation rules. This is called a "Data Dictionary" (DD), and is a Good Thing to have and use to generate validation rules in the different layers. Most systems don't, however, so don't feel bad if you never get around to building such a thing ;-)

One possible/simple design for a DD for a modern 3-tier system might just include - along with the usual max-size/min-size/datatype info - a Javascript expression/function field, C# assembly/class/method field(s), and a sql expression field. The javascript could be slotted into the client-side validation, the C# info could be used for a reflection load/call for server-side validation, and the sql expression could be used for database validation.

But while this is all good in theory, I don't know of any real-world systems that actually do this in practice [though it "sounds" like a Good Idea].

If you do, let us know how it goes!

这篇关于您在哪里可以在Web应用程序中记录表单数据的验证规则？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！