Background
I'm looking to put together a single page web application with many form inputs. I've run into issues with other web pages where there is an ugly SQL error sent to the user if the maxlength constraint of the field in the table was violated. I'd like to know how to manage this type of validation.
Questions
- Should I put the effort into making sure that the HTML form input is limited in size for every input field (as opposed to targeting significant fields)?
- Should the maxlength of the input field be tied programmatically to the constraints of database fields (through a query of the database system tables) or would this be unrealistic?
I'm looking for both what is best practice and what is maintainable (I don't want to have to do a lot of extra work if the database design changes). Is it easier just to decode the SQL error post-submit and inform the user?
Related Questions
- max length validation check – More specific to what length to set fields at. I'm more interested in the broader question of applying the length.
- When and how much should we validate input when working with (C)AP storage? – Probably the most similar. It is about validation in general.
- Data input validation – Where? How much? [closed] – Broadly touches on some principles including stating:
use of additional validation like "between 6 and 20 characters" less frequent, as this increases maintenance work on changes
Best Answer
- Yes, you probably should put maxlength constraints on every field where such constraints exist. The reason for doing that is mainly so that the user can get immediate feedback, instead of having to send the request and having the application tell them that they cannot do that (though that may still happen in some cases);
- Attempting to derive maxlength from the database schema is necessarily going to tie the technical database implementation / definition with the front-end HTML - that is, you are going to have, in one form or another, the view generation code be aware of the underlying data structures, and of how the underlying database tables map to the UI. Such a coupling, in my experience, actually increases the burden of introducing a change. It may also yield the wrong value anyway, as HTML5 maxlength is defined in terms of Unicode code points, whereas max length in databases is often defined for UTF-16 or byte length;
- In my experience, once the maxlength of some data is set, it should only change rarely, and because of that, the maintenance burden is acceptable.
Also, even if you put maxlength and minlength in the HTML form, you will still need to validate on the server side, because anyone may still send a form with data that would not validate in the HTML form.
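An added example, not part of the original answer: a server-side length check that measures each submitted value in the unit its storage column uses, so a value can be rejected cleanly before it reaches the database. The field names, limits and units in `FIELD_LIMITS` are assumptions made up for illustration, and the sample request is constructed.

```javascript
// Hypothetical limits for this example; `unit` is how the backing column counts length.
const FIELD_LIMITS = {
  username: { min: 3, max: 20, unit: "codePoints" },
  bio: { max: 16, unit: "utf8Bytes" },
  legacyNote: { max: 8, unit: "utf16Units" },
};

const encoder = new TextEncoder();

// Measure one string in each of the units the answer mentions.
function measure(value) {
  return {
    codePoints: [...value].length,           // string iteration yields code points
    utf16Units: value.length,                // .length counts UTF-16 code units
    utf8Bytes: encoder.encode(value).length, // size when stored as UTF-8
  };
}

// Validate a submitted body on the server, whatever the HTML form enforced.
function validateForm(body, limits = FIELD_LIMITS) {
  const errors = {};
  for (const [name, rule] of Object.entries(limits)) {
    const value = body[name];
    // A hand-crafted request may omit the field or send an array/object instead.
    if (typeof value !== "string") {
      errors[name] = "missing or not a string";
      continue;
    }
    const len = measure(value)[rule.unit];
    if (rule.min !== undefined && len < rule.min) {
      errors[name] = `too short: ${len} < ${rule.min} ${rule.unit}`;
    } else if (len > rule.max) {
      errors[name] = `too long: ${len} > ${rule.max} ${rule.unit}`;
    }
  }
  return { ok: Object.keys(errors).length === 0, errors };
}

// Constructed request, as if sent without going through the form.
const sample = {
  username: "al",
  bio: "na\u00efve caf\u00e9 \u{1F600}\u{1F600}",  // 13 code points, 21 UTF-8 bytes
  legacyNote: "ok \u{1F600}\u{1F600}\u{1F600}",    // 6 code points, 9 UTF-16 units
};
console.log(measure(sample.bio), validateForm(sample));
```

Both `bio` and `legacyNote` would pass if their limits were counted in code points, yet they exceed the same numeric limit once counted in the storage unit.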