[thelist] Data validation (Best Practice) - asp/sql server
Steve Lewis
nepolon at worlddomination.net
Thu Nov 18 12:45:08 CST 2004
Michael Pack wrote:
> I became a bit curious yesterday when I ran into a "Best Practice
> for Validating User Input" article at MSDN that points out...
>
> *> Use stored procedures to validate user input.
This has been well covered by others. I wanted to just add a few
points.
plus: For some systems (for simple and infrequently changing
definitions of "valid input" in particular) it makes a lot of sense to
put the data validation into the persistence architecture. This
"pattern" is a recognized and valid option. As other stated, if you
had multiple interfaces (stand-alone TCP/IP client plus a limited web
interface, this used to be *very common*) you gain by performing
validation in one place with this pattern.
minus: Database architecture is closely coupled with the presentation
architecture (ASP in your case).
Implications of this tight coupling include...
Maintenance: If your "business logic" requirements change frequently
you may find it more difficult to maintain the app when the logic is
scattered, and it is usually harder to debug stored procs.
Vendor Lock: You cannot change persistence system vendors (MSSQL aint
cheap. It isn't even competitive) because of your dependance on the
stored proc syntax. (Guess why the vendor recommends you lock
yourself to their product. HINT: That is how they stay in business in
the competitive database market.)
HTH
--
Steve Lewis
More information about the thelist
mailing list