Validation isn't working - weird problem

I am really stuck, would appreciate some help from the community. I
have a method in my controller like this:

  def save_business
    if(params[:id] == nil)
      @business = Business.new(params[:business])
      @business.user_id = session[:user_id]
      if @business.save
        flash[:notice] = 'Business was successfully created.'
        redirect_to :action => 'edit_business_2', :id => @business
      else
        render :action => 'edit_business_1'
      end
    else
      @business = Business.find(params[:id])
      if @business.update_attributes(params[:business])
        redirect_to :action => 'edit_business_2', :id => @business
      else
        render :action => 'edit_business_1', :id => @business
      end
    end
  end

I have a form in my rhtml file like this:

<% form_for :business, :url => { :action => :save_business, :id =>
@business} do |form| %>
  <p>
    <label for="legal_name">Legal name:</label>
    <%= form.text_field :legal_name, :size => 40 %>
    (example: TFS, LLC)
  </p>
...
...
...
  <%= submit_tag "Save", :class => "submit", :id => "yah", :style =>
"visibility:hidden; "%>
  <% end %>

In the model file I have this:

  validates_presence_of :legal_name
  validates_numericality_of :zip
  protected
  def validate
    if legal_name.blank?
        errors.add(:legal_name, "should be at least 0.01")
    end
  end

Neither of the validation is working, in the log file I get something
like this:

Processing BusinessController#save_business (for xxx.xx.xxx.xx at
2007-07-16 14:03:02) [POST]
  Session ID: 35229c421c8a7df5d77aff8f7f2a5b3a
  Parameters: {"business"=>{"city"=>"", "business_description"=>"",
"zip"=>"hi", "contact_person"=>"Sean", "role_at_company"=>"CEO",
"phone_number"=>"312-218-3413", "street_address"=>"7a8",
"years_business_owned"=>"2", "entity_type_id"=>"1",
"doing_business_as"=>"sean28893", "years_in_business"=>"8",
"legal_name"=>""}, "commit"=>"Save", "action"=>"save_business",
"id"=>"9", "controller"=>"business"}
Redirected to http://www.sh21.com/business/edit_business_2/9
Completed in 0.06194 (16 reqs/sec) | DB: 0.05713 (92%) | 302 Found
[http://www.sh21.com/business/save_business/9]

legal_name is blank, and zip is not numeric, but they both save
successfully...how weird!

Can anyone help me out?

Hi Sean,

# controller: