Where do you do your validation? model, controller or view
Where do you put user input validation in a web form application?
1. View: JavaScript client side
2. Controller: Server side language (C#...)
3. Model: Database (stored procedures or dependencies)

I think there is validation required by each level:

1. Did the user input a sane value
   - are dates actual dates, are numbers actually numbers ...
2. Do all of the checks in 1. again plus checks for malicious attacks (IE XSS or SQL injection)
   - The checks done in 1. are mainly to avoid a server round trip when the user makes a mistake.
   - Since they are done on the client side in javascript, you can't trust that they were run. Validating these values again will stop some malicious attacks.
3. Are dependencies met (ie. did the user add a comment to a valid question)
   - A good interface makes these very hard to violate. If something is caught here, something went very wrong.
[inspired by this response: http://stackoverflow.com/questions/134253/how-many-of-you-do-3-tier-design#134300]
Solution
I check in all tiers, but I'd like to note a validation trick that I use.
I validate in the database layer; proper constraints on your model will provide automatic data integrity validation.
This is an art that seems to be lost on most web programmers.