Where should data validation occur?


Problem description

I've read conflicting philosophies on where data validation should happen and it's just confusing me more. Some say it should only be in the database. Others say that the validation rules should be mirrored in other layers like the BLL or UI.

Where should the data validation live? Should rules be split across multiple layers? What are some of the actual best practices (as opposed to theory, head in the clouds type stuff) regarding when and where to validate data in an application running on top of a database?

Recommended answer

My 2 cents:

Data validation should occur in two locations:


  1. The point where data is acted upon, for example validating input parameters to an SQL query.

  2. General validation at the point where data is submitted, for example in a web application some validation should occur on the client. The advantage being that you can quickly notify users of input issues, i.e. incorrectly formed telephone number, string too long etc. However, this should not be relied upon to be an authoritative validation check as, in the case of a web application, a malicious user may bypass any client-side validation.

In my opinion the database should not be performing general validation; data should be validated/escaped/sanitised before it goes into the database. That said, your database schema can give you a level of abstract validation through column data types, constraints etc. That said, any data that could trigger issues with these should be 'cleaned' before it is passed into the database.

This said, there are many wrong ways but there is no right way. Validation depends on the architecture of your application, the nature of the data within it and how that data is used.
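
The layering described in the answer above, as an added example that is not part of the original answer: an authoritative server-side check at the point of use, parameter binding for the SQL, and schema constraints as a backstop. The table, the field rules and the function names are assumptions made for illustration.

```python
import re
import sqlite3

# Constructed schema: column types and constraints are the backstop layer.
SCHEMA = """
CREATE TABLE contacts (
    id    INTEGER PRIMARY KEY,
    name  TEXT NOT NULL CHECK (length(name) BETWEEN 1 AND 50),
    phone TEXT NOT NULL UNIQUE CHECK (length(phone) BETWEEN 7 AND 16)
)
"""
PHONE_RE = re.compile(r"\+?[0-9]{7,15}")  # assumed rule: 7-15 digits, optional +


class ValidationError(ValueError):
    """Raised for any input the server refuses to store."""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def validate_contact(name, phone):
    """Authoritative check; runs even if the client claims it already validated."""
    if not isinstance(name, str) or not isinstance(phone, str):
        raise ValidationError("name and phone must be strings")
    name = name.strip()
    if not 1 <= len(name) <= 50:
        raise ValidationError("name must be 1-50 characters")
    phone = re.sub(r"[\s().-]", "", phone)  # drop common separators
    if not PHONE_RE.fullmatch(phone):
        raise ValidationError("phone must be 7-15 digits")
    return name, phone


def add_contact(conn, name, phone):
    """Validate at the point of use, then bind values instead of building SQL text."""
    name, phone = validate_contact(name, phone)
    try:
        with conn:  # commit on success, roll back on error
            cur = conn.execute(
                "INSERT INTO contacts (name, phone) VALUES (?, ?)", (name, phone)
            )
    except sqlite3.IntegrityError as exc:
        # The schema caught something the application rules did not (here: a duplicate).
        raise ValidationError(f"rejected by schema constraint: {exc}") from exc
    return cur.lastrowid
```

A name such as `O'Brien` passes validation and is stored verbatim because the value is bound as a parameter, while a second contact with an already-stored phone number passes the application rules and is stopped by the `UNIQUE` constraint.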
