Where do you do your validation? model, controller or view

Question

Where do you put user input validation in a web form application?

1. View: JavaScript client side
2. Controller: Server side language (C#...)
3. Model

Answer 1

All validation should happen at least one time, and this should be in the middle tier, whether it be in your value objects (in the DDD sense, not to be confused with DTO's), or through the business object of the entity itself. Client side validation can occur to enhance user experience. I tend to not do client side validation, because I can just expose all of the things that are wrong on the form at once, but that's just my personal preference The database validation can occur to insure data integrity in case you screwed up the logic in the middle tier or back ended something.