Posted by Rik Wasmus on 10/04/07 06:49
On Thu, 04 Oct 2007 06:29:04 +0200, otrWalter@gmail.com
<otrWalter@gmail.com> wrote:
> I'm rolling my own little DB class (pls, I don't need to hear about
> how wonderful this or that class is, thank you, I've been reading over 2 dozen
> such libraries) and I have a question to this group...
>
> Workflow:
> 1) submit data form
> 2) pull data from POST
> 3) "clean" data
> 4) update record
>
> Now, my question deals with step 3.
>
> On one hand, the cleansing of the data needs to be done by the
> developer.
>
> On the other, would it be logical for the DB class to take a whack at
> the data set and to make sure each field is the data type that the
> database is expecting? Or should the developer code that as well?
Ideally it works with prepared statements, where the number/string
distinction is already taken care of. There may be other requirements on
data however (a phone number or postal code should be valid, some number
has a min or max), which your database should know nothing about, and
shouldn't try to provide useful error messages for the user. That really
is something up to the code using the database.
--
Rik Wasmus
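
The split described in the reply above, as an added example that is not part of the original thread: application code validates the fields and produces the user-facing messages, and the update itself goes through a parameterized statement. Python with sqlite3 is used so that it runs offline; the table, the field names and the validation rules are assumptions made for illustration.

```python
import re
import sqlite3

# Constructed application rules; the database layer knows nothing about them.
PHONE_RE = re.compile(r"^\+?[0-9][0-9 \-]{6,14}$")
POSTAL_RE = re.compile(r"^[0-9]{4} ?[A-Z]{2}$")  # assumed postal code format

def validate(form):
    """Step 3: return (clean_values, errors) for a submitted form dict."""
    clean, errors = {}, {}
    phone = form.get("phone", "").strip()
    if PHONE_RE.match(phone):
        clean["phone"] = phone
    else:
        errors["phone"] = "Please enter a valid phone number."
    postal = form.get("postal_code", "").strip().upper()
    if POSTAL_RE.match(postal):
        clean["postal_code"] = postal
    else:
        errors["postal_code"] = "Please enter a valid postal code."
    try:
        qty = int(form.get("quantity", ""))
        if not 1 <= qty <= 99:
            raise ValueError
        clean["quantity"] = qty
    except ValueError:
        errors["quantity"] = "Quantity must be a whole number from 1 to 99."
    return clean, errors

def update_record(conn, record_id, form):
    """Steps 3 and 4: validate, then update through a prepared statement."""
    clean, errors = validate(form)
    if errors:
        return errors  # nothing is written; the caller shows these to the user
    # Values travel as bound parameters, never as part of the SQL text.
    conn.execute(
        "UPDATE customers SET phone = :phone, postal_code = :postal_code, "
        "quantity = :quantity WHERE id = :id",
        dict(clean, id=record_id),
    )
    conn.commit()
    return {}

def demo_connection():
    conn = sqlite3.connect(":memory:")  # in-memory table with one constructed row
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, phone TEXT, postal_code TEXT, quantity INTEGER)")
    conn.execute("INSERT INTO customers VALUES (1, '', '', 0)")
    return conn
```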