Accepting data input from users is one of the significant security and data integrity risks for any web site, and it is also a central function of most web sites. All data supplied by users via web page forms should be filtered and tested to verify that it meets data type and formatting requirements and poses no security risk from SQL, JavaScript, or HTML code injection.
Programming this validation is one of the more tedious parts of site development because of the sheer number of details to be addressed. In the PageBlocks framework, input validation is centralized in a single controller, which the database API then uses to automate validation of form inputs. Each input is automatically filtered for injection threats (unless told otherwise), and can be defined to require a number of low-level data type or formatting requirements. The validation definitions for each database field are centralized in the tblDefn_ data table configuration files so that validations are uniformly applied throughout the application.
Additionally, the PageBlocks framework includes a structured system for implementing business rules and using the error handling system for controlling user feedback. The unified approach to handling feedback from validation errors and business rule violations significantly simplifies the handling of these various error sources.
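The centralized pattern described above, sketched in Python as an added illustration; it is not PageBlocks code and does not use the framework's own API or language. The table definition, field names, rule keys and function names are hypothetical, and the filter shown (rejecting control characters and HTML-escaping markup, with SQL safety left to bound query parameters) is an assumption about what such a filter could do.

```python
import html
import re

# Hypothetical per-table definition: one entry per database field.
TBL_DEFN_USERS = {
    "email":    {"type": "email", "required": True, "max_len": 254},
    "age":      {"type": "int", "min": 13, "max": 120},
    "nickname": {"type": "str", "max_len": 30},
    "bio_html": {"type": "str", "max_len": 2000, "filter": False},  # opt-out
}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
CONTROL_RE = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def check_field(rule, raw):
    """Return (value, error) for one field; exactly one of the two is None."""
    if len(raw) > rule.get("max_len", 255):
        return None, "too long"
    if rule.get("filter", True):  # injection filtering is on unless opted out
        if CONTROL_RE.search(raw):
            return None, "control characters not allowed"
        raw = html.escape(raw, quote=True)  # neutralise HTML/JS markup
    if rule["type"] == "int":
        if not re.fullmatch(r"-?\d{1,9}", raw):
            return None, "must be a whole number"
        value = int(raw)
        if not rule.get("min", value) <= value <= rule.get("max", value):
            return None, "out of range"
        return value, None
    if rule["type"] == "email" and not EMAIL_RE.fullmatch(raw):
        return None, "invalid email address"
    return raw, None


def validate_inputs(defn, form):
    """Validate a whole form against a table definition; return (clean, errors)."""
    clean, errors = {}, {}
    for name, rule in defn.items():
        raw = form.get(name, "").strip()
        if not raw:
            if rule.get("required"):
                errors[name] = "required"
            continue
        value, error = check_field(rule, raw)
        if error:
            errors[name] = error
        else:
            clean[name] = value
    return clean, errors
```

Because every form goes through the same definition, a rule changed in one place applies everywhere the field is written, and the per-field error dictionary can feed a single user-feedback path.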
See the database API page for more information.
© 2002-2010, pageblocks.org