Where to put additional code for model.

So this won't fix the problem of user input outside the browser, but
what about implementing the date fields as <select>'s instead of text
fields? You will still have to sanitize the data but at least you
have defined the format in which the user inputs it through the
browser.

p_W wrote:

So this won't fix the problem of user input outside the browser, but
what about implementing the date fields as <select>'s instead of text
fields? You will still have to sanitize the data but at least you
have defined the format in which the user inputs it through the
browser.

I recommend this setup for date entry since it does help a little with
the input sanitizing: When you use a Select tag, the user input options
are known values and it allows you to be much more aggressive and
unforgiving with your input validation. Text box input requires some
fuzzy acceptance of values, but a Select/Options list does not - you can
validate against a fixed set of values and anything else must have come
from a Bad Guy.

- Aaron