Home/ Questions/Q 615729
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T18:15:05+00:00

I’m trying to write a web app using 4-tier design pattern ( Data Store,

  • 0

I’m trying to write a web app using 4-tier design pattern ( Data Store, DAL, BLL and UI).
Among other things this app would also implement a forum.

Suppose I want to move a thread from one forum to another. In order to do this, UI layer must pass down to other layers the ID of a thread and the ID of a forum to which I wish to move this thread ( UI would pass these parameters by calling method A in BLL layer and A would in turn call method B in DAL layer… ).

a) Now should one of the bottom layers provide some sort of checking mechanism to ensure that the two ID arguments supplied by UI layer really represent an existing thread and an existing forum or is it the responsibility of UI layer to provide valid ID values?

thanx

EDIT:

I would consider the ability to pass invalid IDs a bug.

Should non existing ID be considered a bug just in the case of moving a thread, or also in the case of displaying a thread. Thus when user navigates to page Showthread.aspx?ID={0}, if query string parameter ID references non existing ID, If none of the layers check for the validity of ID, then GridView simply won’t display any

“But in this case it doesn’t look like the ids are in any sort of list. If they were one could only assume that this would never happen as I assume the lists would be populated by a stored procedure or a DAL procedure that pulls all valid IDs.”

But even if user chooses IDs from a set of list, by the time it posts the page back, the DB table containing this ID could be changed in the mean time by admin or whomever?!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    UI->BLL->DAL
    UI<-BLL<-DAL

    Your database is not another layer its simply a repository of the data. What you describe is your typical 3-tier architecture. Layers are the assemblies (dll files) while tiers are the storage mechanism (hardware). Some people might mix those terms up but ultimately it doesn’t matter.

    In this case your UI calls the BLL which in turn calls the DAL.
    Once you process what you need from the DAL then the DAL takes that information and passes to the BLL (Business Logic Layer) which in turn submits back to your UI.

    Your UI shouldn’t know anything about a valid ID, that is your UI should not touch your DAL. Pass the ID’s to the BLL and the BLL can then check if they are valid. Some folks like to actually check inside the DAL sproc level and return some sort of flag.

    bool IsValid(int forumID) {
//call the dal to get a true or false based on this
bool isValid=false;
DAL d = new DAL();
isValid = d.IsValid(forumID);
return isValid;
}

    And your DAL then has a function to simply call say a sproc to return true or false if the ID exists.

    bool IsValid(int forumID){
bool status;
//call sproc
status=ValueReturnedFromSproc();
return status;
}

    If you are wondering how the UI handles all this it can do so by this:

    BLL b = new BLL();
if (!(b.IsValid(someRandomForumID)))
  Response.Write("Sorry you've got an invalid forumID");
else
  {
    //proper forum id go ahead...
  }

    In response to your edit:

    If you are actually exposing the ID in the URL and allow someone to change it then your on load event needs to simply pull the ID (request parameters) and check if it is valid. If it is show the data if it isn’t redirect to a page that states “Opps it appears you are trying to access a forum / thread that does not exist”.

    • 0