field validation (was Re: COBOL/DB2 Date edit question)

On 8/13/2007 at 11:26 AM, in message
Frank Swarbrick<Frank.Swarbrick@xxxxxxxxxxxxxx> wrote:

This brings to mind an interesting issue that we've been struggling with
years at our shop. This issue being, where does input validation

Prior to the mid-1990s all of our data input to the mainframe was your
ol' 3270 green screens. For better or for worse, presentation logic and
business logic were implemented in the same CICS program. Data
was hard coded directly in to the same CICS program.

We then started utilizing some distributed (Windows) applications to
some of these functions. The same (if slightly modified) CICS programs
still existed on the back end and were utilized by the distributed
applications to actually get the data from there to here (the
All of the existing data validation remained in the CICS programs, but
of the same logic was also put in to the distributed application.

One of the main reasons this was done was because the distributed
application has all those wonderful modern things such as drop-down
radio buttons, etc. In order to present the proper widgets (or whatever
they're called) to the end user the distributed application must, of
know what those valid values are. Additionally, with those types of
applications the users are used to knowing pretty much immediately of
have selected a valid option. They don't want to go through all of the
effort of entering data, then at the end pressing enter and finally
back a message "such and such a value is invalid for this account type".

Just this year we implemented a project to 'web enable' a lot of our CSR
screens. Again we ended up duplicating a lot of the
edits/validations/whatever you want to call them. In some situations
the logic is fairly complex and the relevant data resides on the
we will let things 'pass through' to be edited on the mainframe, but
fairly rare.

Another issue we come upon, even if we wanted to pass the edits through
the mainframe, is that different applications sometimes allow for
edits. Here's a real example... If an ATM card is ordered for a
who is a minor (under 18) there is a requirement that the order be
by an officer. So the order is put in to a 'pending approval' queue.
however, the card is ordered as part of setting up a new account through
new accounts system (a distributed application) then the approval is
required. So I had to add logic to my CICS program to be able to
distinguish between the transaction being initiated directly (via a
3270 terminal session) and same transaction being initiated via a
distributed application (which actually still uses a regular 3270
session, but a 'psuedo signon' process is done by the distributed
application that lets the CICS program know that it's, well, a

Anyway, there are other cases where the 'end' application is more likely
know what edits need to be in place, and to 'end' applications may not
the same edits. So putting the edits on the mainframe just makes things

Then again, most of the 'end' applications would have the *same* edits,
so we end up with a lot of duplicate logic. Even if the logic is
combined, in, say, a Java object, that object cannot be utilized by a
regular Windows application, and certainly not by a mainframe
(or mainframe OS does not support Java).

In the end we do what we have to do to make things work. But no one is
really happy with it.

I don't know that we're going to change our direction at this point, but
am curious about other's experiences.

I didn't even finish my thoughts! What made me think of this is the
possible use of the database for validation. Most (all?) RDBMS allow for
fields to be validated at the database level. This is all fine and dandy,
but is it really the best way to go? Again, if you do this you allow the
user to input all of their fields into your application. You then go to the
database to INSERT (or UPDATE) the record. The database then decides that
one (or more!) of the values is invalid for their respective fields
(columns; whatever). It just seems to me to be a lot of extra round trips
back and forth to the database to finally get valid data inserted. Do
people really use the database for this? Or to they code the data
validation in to their applications?

We're only now, from the mainframe side, starting to utilize a relational
database, so I have no real world experience when it comes to these things.