Form Validations and Business validations - Controller and Service layer

Doing the form validations in the controller layer and doing the business validations in the service layer.

Is the right approach to do it or we need to do the form validations too in the service layer?

Basically what are the codes or functionality check should exist in controller layer and in service layer?
Software ProgrammerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

nociSoftware EngineerCommented:
This might not be one layer....
Behind the form each field should (must?) be validated. A data field should contain a valid data, an string field a string (possibly parsed for illegal characters like ' "etc. or syntax validated if specific syntax is required.) numeric field should be numerix, hexadecimal field hex. valuta fields should contain valid numbers.  A mailaddress should look like a valid mail address (somestring@somedomain, where somedomain is a dotted string with at leas one .) etc.etc.  (optional fields may be empty, non optional field MUST hold valid data).
(This is mostly called marshalling of data).

Then if some string field means it should be a valid persons name is the next level just like if a valuta field holds USD, JPY, EUR  amounts or
if the mail address is already known etc. etc. (the later mostly are business rules).
But business rules "SHOULD" not have to worry about the syntactic validity of an Email address...

Where you solve it is a design decision but do expect the business layer to be access through forms as well other API's...
so maybe the form should do the checks and handle it in a user friendly way warning of the problems a submission will face.
Where the API/Business side just balks at first error and refuses to handle the data.
Software ProgrammerAuthor Commented:
Not clear on the explanation. could you please explain about which layer the validations should fall?
Doing the form validations in the controller layer and doing the business validations in the service layer.

This is the usual approach. Any form validation should be done in the controllers. Any business validation should be done further down, in the business layer. Since you do not access the business layer directly (but only via the controllers) then there is no need to do form validation in the business layer.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.