Does anyone still do complex validation in SQL stored procedures?

Question

0.00/5 (No votes)

See more:

So I figured out a way to do simple regex and LL(1) parsing inside a SQL92 compliant RDBMS, using stored procs and a few tables for parsing and scanning.

The upshot of this is if you pass complicated structured textual data - anything from an URL to an email addy, to say, JSON, you can get the thing to validate and perhaps even normalize the data for you.

I don't want to expend the effort on something nobody cares about anymore though, and I've been out of business dev for years.

So is something like that useful still?

What I have tried:

I haven't tried anything yet. This isn't really that kind of question

Posted 26-Apr-19 17:01pm

honey the codewitch

Updated 26-Apr-19 17:05pm

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Christian Graus · Accepted Answer · 2019-04-26T17:05:00

Solution 1

The point of procs is putting logic in the DB, and also being able to do complex actions with one DB call. I would never do this, but it comes down to where you want the logic to live. I would say no for validation, your code needs to not waste the time of your DB, and report to the user their input is invalid.

Posted 26-Apr-19 17:05pm

Christian Graus

Comments

honey the codewitch 27-Apr-19 1:02am

It used to be de rigueur to do as much validation as realistic in each of the tiers of a multi-tiered app. For the same reason you'd sanitize db inputs on a webpage, but also to protect against attacks if they manage to secure a user level connection to the DB directly.

But that was years ago. 3 tier is old school these days.

Basically though, you'd have the web page provide first tier validation, the middleware perform 2nd tier validation, and where possible, do validation in the DB stored procs.

that way no matter what, your data is hardened against being poisoned by external actors no matter what tier they are operating at.