Validating entered user data
This is a general question but I do a desktop application.
Should I check for example the firstname exceeding 50 chars or is this a matter of taste?
Or should I check for > 50 chars because the user could flood my database with 10000000 chars ?
EDIT:
Seems I got the ball rolling... I should have said that the firstname/lastname in my desktop app are from pupils a teacher enters...
so 50 chars is more than enough for entering "Michael" and "Kramer", don't you think? ;-)
You should always validate your input data. If nothing else, I assume that your database field is a set field, so you should stop the user from entering longer strings since you can't store them; too-long names would probably throw an error of some kind when the DB insert fails.
The ways of the world are many and varied, and while 50 characters seems like plenty for a WASP first name, I wouldn't go out on a limb and declare that there is nobody anywhere who doesn't have a longer one. Instead, I would make sure that my application never uses fixed length buffers ANYWHERE, so if somebody entered a first name that was 10,000,000 characters long, all that would happen is it would use a few more bytes than usual.
Also keep in mind that while most people don't have any single name much longer than 50 characters, they might have exceedingly many names. Consider, for example, Mr. Adolph Blaine Charles David Earl Frederick Gerald Hubert Irvin John Kenneth Lloyd Martin Nero Oliver Paul Quincy Randolph Sherman Thomas Uncas Victor William Xerxes Yancy Zeus Wolfeschlegelsteinhausenbergerdorft Senior. Not letting users enter their full name is an almost entirely terrible thing to do.
A multilevel validation strategy is usually appropriate. At the user level, don't allow anything that will cause errors later on. However, if you're relying on JavaScript validation, be aware that it can be bypassed easily. Your business and/or data layers should also validate before storing to the database. The same is true if you're sending data off to a service.
Client-side validation for usability. Server-side validation for reliability and integrity.
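As an added example (not code from the question or from any of the answers above), here is what the data-layer half of that multilevel strategy can look like: a validator that rejects empty, over-long and control-character-laden names before the insert, backed by a CHECK constraint in the database itself so that a UI that skips validation still cannot store a bad row. The 50-character limit is taken from the question; SQLite, the `pupil` table, and the function names are assumptions for the illustration.

```python
"""Data-layer name validation with a DB-side backstop (added example)."""
import sqlite3
import unicodedata

# Assumed column width, taken from the question; keep in sync with the real schema.
NAME_MAX_LEN = 50


class ValidationError(ValueError):
    """Raised when user-supplied input is rejected before it reaches the DB."""


def validate_name(raw: str, max_len: int = NAME_MAX_LEN) -> str:
    """Normalize and validate one name field; return the cleaned value.

    Length is measured in code points after NFC normalization, so an 'e'
    followed by a combining accent counts as one character, not two.
    The cheap length check runs before the per-character scan so a
    multi-megabyte string is rejected without being walked.
    """
    if not isinstance(raw, str):
        raise ValidationError("name must be a string")
    value = unicodedata.normalize("NFC", raw).strip()
    if not value:
        raise ValidationError("name must not be empty")
    if len(value) > max_len:
        raise ValidationError(f"name exceeds {max_len} characters")
    # Control characters (NUL, newlines, ...) have no place in a name.
    if any(unicodedata.category(ch).startswith("C") for ch in value):
        raise ValidationError("name contains control characters")
    return value


def create_schema(conn: sqlite3.Connection) -> None:
    """SQLite ignores VARCHAR(n), so an explicit CHECK is the last line of defence.

    NAME_MAX_LEN is a trusted constant, not user input, so formatting it into
    the DDL is safe; user values only ever go through bound parameters.
    """
    conn.execute(
        f"""CREATE TABLE pupil (
              id        INTEGER PRIMARY KEY,
              firstname TEXT NOT NULL CHECK (length(firstname) <= {NAME_MAX_LEN}),
              lastname  TEXT NOT NULL CHECK (length(lastname)  <= {NAME_MAX_LEN}))"""
    )


def insert_pupil(conn: sqlite3.Connection, firstname: str, lastname: str) -> int:
    """Validate in the data layer, then insert with a parameterized query."""
    first = validate_name(firstname)
    last = validate_name(lastname)
    cur = conn.execute(
        "INSERT INTO pupil (firstname, lastname) VALUES (?, ?)", (first, last)
    )
    return cur.lastrowid


def demo() -> dict:
    """Run constructed inputs through both layers and report what happened."""
    conn = sqlite3.connect(":memory:")
    create_schema(conn)
    results = {"ok": insert_pupil(conn, "  Michael ", "Kramer")}
    for label, first in [
        ("too_long", "x" * 10_000_000),   # the flood case from the question
        ("empty", "   "),
        ("ctrl", "Mi\x00chael"),
    ]:
        try:
            insert_pupil(conn, first, "Kramer")
            results[label] = "accepted"
        except ValidationError as exc:
            results[label] = str(exc)
    # A caller that bypasses validate_name() still hits the DB CHECK constraint.
    try:
        conn.execute(
            "INSERT INTO pupil (firstname, lastname) VALUES (?, ?)",
            ("y" * (NAME_MAX_LEN + 1), "Kramer"),
        )
        results["db_check"] = "accepted"
    except sqlite3.IntegrityError:
        results["db_check"] = "rejected by DB"
    return results


if __name__ == "__main__":
    for key, outcome in demo().items():
        print(f"{key}: {outcome}")
```

The shape matters more than the specific limit: the UI can give friendly feedback, the data layer enforces the rule for every code path (including ones that never touched the UI), and the database constraint catches anything that slips past both. If you later decide 50 is too short for real-world names, changing one constant and the schema is all it takes.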