将表单与原始输入传递给服务层 [英] Passing forms vs raw input to service layer
问题描述
是更好的方法是验证表单并将其过滤后的输入传递给服务层,还是将原始输入传递给服务层,并让服务验证输入(有或没有表单实例)?
Is it better to validate a form and pass its filtered input to the service layer, or to pass the raw input to the service layer, and have the service validate the input (with or without a form instance)?
很明显,如果是后者,则控制器仍然需要访问该表单,以便可以将其发送到视图以进行渲染.如果是这样,您是否只需通过服务($ service-> getRegistrationForm())访问表单?
Obviously, if it's the latter, the controller still needs access to the form so that it can be sent to the view for rendering. If so, would you just access the form via the service ($service->getRegistrationForm())?
另请参阅:
- Dependency management in Zend Framework 2 MVC applications
- Factory classes vs closures in Zend Framework 2
推荐答案
表单本身应处理验证,ZF2在Form类上具有启用此功能的方法.
The Form itself should handle the validation, ZF2 has methods on the Form class that enable this.
在希望从表单获取某种数据的控制器上执行的操作中,我要做的第一件事就是验证表单($form->isValid()).如果表格无效,则控制器将立即处理.通常,这涉及直接跳转到返回ViewModel的形式(现在包含数据+验证结果),以便用户可以看到任何验证错误.
In an action on a controller that expects some kind of data from a form one of the first things I do is validate the form ($form->isValid()). If the form is not valid the controller will handle this immediately. Normally this involves jumping straight to returning the ViewModel with the form (which now contains data + validation results) so that the user can see any validation errors.
我不知道您为什么不检查是否有有效数据或使用已知无效的数据就不做进一步的工作.实际上,数据甚至可能是恶意的(CSRF,由表单验证处理).
I don't see why'd you bother going any further without checking to see if you've got valid data or with data you know to be invalid. In fact the data might even be malicious (CSRF, which is handled by form validation).
基本上根本不会出现传递原始输入与过滤输入的问题.
Basically the issue of passing raw vs filtered input never really comes up.
这篇关于将表单与原始输入传递给服务层的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
