From this question in MVC validation: where to validate?, i agree to the idea that validation takes place in the model before raising any DB calls.
however, i am confused regarding this situation: i have this form that stores the row ID into session before it is rendered back to the browser. it works like a token. when the form is submitted, it checks whether the ID from the form and ID from the session are the same.the operation has no relation to the database at all.
is the checking of this ID the work of the controller or the model?
Faux MVC: Do it in the controller. The controller handles most of the business and behaviour logic, whereas the model is in inactive particapant (unaware of its use in the MVC triad) or only a dumb interface to the database storage.
Real MVC: Sesssion data is business logic. It’s another model for application state. It’s not user-input (what controllers actually are for) if it already resides in a server-side session store.
Lastly, get over the misnomer. MVC is yesteryears buzzword. (And had long been superseded by MVP and PAC before that). The variant perpetrated in PHP land has nothing to do with MVC. Trying to do it “properly” is going to fail, no matter the implementation. See https://stackoverflow.com/questions/1549857/simple-php-mvc-framework/1549970#1549970