field validation (was Re: COBOL/DB2 Date edit question)



On 8/13/2007 at 11:26 AM, in message
<46C03FC9.6F0F.0085.0@xxxxxxxxxxxxxx>,
Frank Swarbrick<Frank.Swarbrick@xxxxxxxxxxxxxx> wrote:

This brings to mind an interesting issue that we've been struggling with
for
years at our shop. This issue being, where does input validation
belong?

Prior to the mid-1990s all of our data input to the mainframe was your
good
ol' 3270 green screens. For better or for worse, presentation logic and
business logic were implemented in the same CICS program. Data
validation
was hard coded directly in to the same CICS program.

We then started utilizing some distributed (Windows) applications to
perform
some of these functions. The same (if slightly modified) CICS programs
still existed on the back end and were utilized by the distributed
applications to actually get the data from there to here (the
mainframe).
All of the existing data validation remained in the CICS programs, but
much
of the same logic was also put in to the distributed application.

One of the main reasons this was done was because the distributed
application has all those wonderful modern things such as drop-down
lists,
radio buttons, etc. In order to present the proper widgets (or whatever
they're called) to the end user the distributed application must, of
course,
know what those valid values are. Additionally, with those types of
applications the users are used to knowing pretty much immediately of
they
have selected a valid option. They don't want to go through all of the
effort of entering data, then at the end pressing enter and finally
getting
back a message "such and such a value is invalid for this account type".

Just this year we implemented a project to 'web enable' a lot of our CSR
screens. Again we ended up duplicating a lot of the
edits/validations/whatever you want to call them. In some situations
where
the logic is fairly complex and the relevant data resides on the
mainframe
we will let things 'pass through' to be edited on the mainframe, but
that's
fairly rare.

Another issue we come upon, even if we wanted to pass the edits through
to
the mainframe, is that different applications sometimes allow for
different
edits. Here's a real example... If an ATM card is ordered for a
customer
who is a minor (under 18) there is a requirement that the order be
approved
by an officer. So the order is put in to a 'pending approval' queue.
If,
however, the card is ordered as part of setting up a new account through
the
new accounts system (a distributed application) then the approval is
*not*
required. So I had to add logic to my CICS program to be able to
distinguish between the transaction being initiated directly (via a
regular
3270 terminal session) and same transaction being initiated via a
distributed application (which actually still uses a regular 3270
terminal
session, but a 'psuedo signon' process is done by the distributed
application that lets the CICS program know that it's, well, a
distributed
application).

Anyway, there are other cases where the 'end' application is more likely
to
know what edits need to be in place, and to 'end' applications may not
have
the same edits. So putting the edits on the mainframe just makes things
worse.

Then again, most of the 'end' applications would have the *same* edits,
and
so we end up with a lot of duplicate logic. Even if the logic is
somehow
combined, in, say, a Java object, that object cannot be utilized by a
regular Windows application, and certainly not by a mainframe
application
(or mainframe OS does not support Java).

In the end we do what we have to do to make things work. But no one is
really happy with it.

I don't know that we're going to change our direction at this point, but
I
am curious about other's experiences.

I didn't even finish my thoughts! What made me think of this is the
possible use of the database for validation. Most (all?) RDBMS allow for
fields to be validated at the database level. This is all fine and dandy,
but is it really the best way to go? Again, if you do this you allow the
user to input all of their fields into your application. You then go to the
database to INSERT (or UPDATE) the record. The database then decides that
one (or more!) of the values is invalid for their respective fields
(columns; whatever). It just seems to me to be a lot of extra round trips
back and forth to the database to finally get valid data inserted. Do
people really use the database for this? Or to they code the data
validation in to their applications?

We're only now, from the mainframe side, starting to utilize a relational
database, so I have no real world experience when it comes to these things.

Thanks!

Frank


.



Relevant Pages

  • Re: Validation of text
    ... If you are saying that designing effective database constraints is hard ... Consider that if you have no database level constraints then your data ... should) write form-level validation *and* database level ...
    (microsoft.public.access.forms)
  • Re: Dynamic form generation
    ... The contents of the array is then ... validated by the framework to ensure that all columns maked as NOT NULL ... fields have predefined validation functions. ... array contains any field names which do not exist in the database table ...
    (comp.lang.php)
  • Re: Dynamic form generation
    ... The contents of the array is then ... validated by the framework to ensure that all columns maked as NOT NULL ... MySQL database, a PostgreSQL database, an Oracle database, and a SQL Server ... validation as that is performed by a validation class which I wrote ...
    (comp.lang.php)
  • Re: candidate keys in abstract parent relations
    ... To what extent do we defend the validity of the data in the database, for instance an email address, in SQL Server you can now create a column say is_valid_email which can call a CLR scalar function that can run a bit of C# / VB.NET to actually go out and validate if that email address is truely valid at the point you want it... ... I'll be interested to see how they develop this further, like how all the usual relational ops will behave on that CLR column, eg. how does one compare two such programs to see if they are somehow 'equal'? ... Can't resist - I suppose in some cases a lot of disk space could be saved if each app had its own validation code. ...
    (comp.databases.theory)
  • Re: question about database injection
    ... i am working on the registeration page for the forum website and its ... as i am stuck with regards to database injection. ... USER NAME VALIDATION ... however i would like the username to be Letters First(upper or ...
    (comp.lang.php)