I'm in the process of reviewing all my RoR code to validate all my params[] usage, and I'm interested to know how people tackle certain issues, for example, the following action expects two parameters, a year and a month:

    def list_by_yyyy_mm()
      @yyyy, @mm = @params['yyyy'], @params['mm']
      ...
    end

During development, I didn't even bother to validate the yyyy and mm [as I was following the introductory tutorials, which don't bother with such production concerns]. Now I'm thinking about adding something like:

    def list_by_yyyy_mm()
      @yyyy, @mm = @params['yyyy'], @params['mm']

      redirect_to :controller => 'oops', :action => 'bad_param',
                  :details => 'invalid year' if invalid_year?(@yyyy)
      redirect_to :controller => 'oops', :action => 'bad_param',
                  :details => 'invalid month' if invalid_month?(@mm)
      ...
    end

The 'oops' controller would simply log the failure and display a friendly 'something went wrong' view.

But is this the RoR way? And where is the best place to put my invalid_year?() and invalid_month?() type params validation functions such that they are reusable across my app - application.rb?

Thanks

Nev

_______________________________________________
Rails mailing list
Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
http://lists.rubyonrails.org/mailman/listinfo/rails

On Apr 5, 2005, at 7:41 PM, Neville Burnell wrote:

> I'm in the process of reviewing all my RoR code to validate all my
> params[] usage, and I'm interested to know how people tackle certain
> issues, for example, the following action expects two parameters, a
> year and a month:
>
>     def list_by_yyyy_mm()
>       @yyyy, @mm = @params['yyyy'], @params['mm']
>       ...
>     end
>
> During development, I didn't even bother to validate the yyyy and mm
> [as I was following the introductory tutorials, which don't bother
> with such production concerns]. Now I'm thinking about adding something
> like:
>
>     def list_by_yyyy_mm()
>       @yyyy, @mm = @params['yyyy'], @params['mm']
>
>       redirect_to :controller => 'oops', :action => 'bad_param',
>                   :details => 'invalid year' if invalid_year?(@yyyy)
>       redirect_to :controller => 'oops', :action => 'bad_param',
>                   :details => 'invalid month' if invalid_month?(@mm)
>       ...
>     end
>
> The 'oops' controller would simply log the failure and display a
> friendly 'something went wrong' view.

For less complex logic, you can use the "verify" macro (http://ap.rubyonrails.com/classes/ActionController/Verification.html). If you have more complex requirements, you can use a before filter. The benefit of either approach over putting your validation code in your action is that it makes your actions smaller and more concise, and aggregates your validation code into a single (potentially reusable) place. For example:

    before_filter :validate_yyyy_mm, :only => :list_by_yyyy_mm

    def list_by_yyyy_mm
      ...
    end

    private

      def validate_yyyy_mm
        redirect_to(...) if invalid_year?(@params['yyyy'])
        redirect_to(...) if invalid_month?(@params['mm'])
      end

If you use the invalid_year/invalid_month validators in many places throughout your code, making them protected methods of your application controller is not a bad idea.

Hope that helps,

Jamis

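The thread never shows bodies for invalid_year? and invalid_month?. The following is an added example, not code from either poster or from Rails, of strict validators that could be mixed into the application controller. The module name ParamValidators, the helper names strict_int and parse_yyyy_mm, the 1970..2100 year window and the exact-digit-count rule are all assumptions.

```ruby
# Added example, not code from the thread. Plain Ruby, no Rails required.
# ParamValidators, strict_int, parse_yyyy_mm and the year window are assumptions.
module ParamValidators
  YEAR_RANGE  = (1970..2100) # assumed window; adjust to the data you serve
  MONTH_RANGE = (1..12)

  # module_function makes the mixed-in copies private, so including this
  # module in a controller does not expose the helpers as routable actions.
  module_function

  # Returns an Integer when raw is a String of exactly `digits` ASCII digits
  # whose value lies in `range`; returns nil for everything else.
  def strict_int(raw, digits, range)
    # A query string such as yyyy[]=2005 or yyyy[a]=b yields an Array or Hash,
    # and a missing parameter yields nil.
    return nil unless raw.is_a?(String)
    # \A and \z anchor the whole string. ^ and $ match per line in Ruby,
    # so /^[0-9]{4}$/ would accept "2005\n<anything>".
    return nil unless raw =~ /\A[0-9]{#{digits}}\z/
    # to_i is base 10; Integer("08") would raise because it parses octal.
    value = raw.to_i
    range.include?(value) ? value : nil
  end

  def invalid_year?(raw)
    strict_int(raw, 4, YEAR_RANGE).nil?
  end

  def invalid_month?(raw)
    strict_int(raw, 2, MONTH_RANGE).nil?
  end

  # Validates both parameters together; returns [year, month] as Integers,
  # or nil so the caller can redirect and stop before touching the data layer.
  def parse_yyyy_mm(params)
    year  = strict_int(params['yyyy'], 4, YEAR_RANGE)
    month = strict_int(params['mm'], 2, MONTH_RANGE)
    year && month ? [year, month] : nil
  end
end
```

Returning the parsed Integers rather than the raw strings means the action works with values that have already passed validation.
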
Thanks Jamis

-----Original Message-----
From: rails-bounces-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org [mailto:rails-bounces-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org] On Behalf Of Jamis Buck
Sent: Thursday, 7 April 2005 12:16 AM
To: rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
Subject: Re: [Rails] Params['myparam'] validation best practices?