Posted by Sanders Kaufman on 10/04/07 16:53

<otrWalter@gmail.com> wrote in message
news:1191472144.127192.252340@n39g2000hsh.googlegroups.com...

> I'm rolling my own little DB class (pls, I don't need to hear about
> how wonder this or that class is, thank you, I've reading over 2 dozen
> such libaries) and I have a question to this group...
>
> Workflow:
> 1) submit data form
> 2) pull data from POST
> 3) "clean" data
> 4) update record
>
> Now, my question deals with step 3.
>
> On one hand, the cleansing of the data needs to be done by the
> developer.
>
> On the other, would it be logical for the DB class to take a whack at
> the data set and to make sure each field is the data type that the
> database is expecting? Or should the developer code that as well?
>
> Ideas?

There's one set of cleansing things you always have to do to, for example,
prevent SQL injection.
But then there's always a business logic step - where you gotta make the
data conform to some adminsitrative rule.

So what I do is have my database class
(http://www.kaufman.net/bvckvs/bvckvs_database.php.txt) do the SQL injection
prevention stuff.
But then, I use that abstract class to EXTEND another class - which does the
business logic.

Three tier is my rule-of-thumb - database, business logic, user interface.

[Back to original message]