I don’t understand why there’s a validator “CFilterValidator”. For me it’s not a validator and it should not be mixed with them.

It’s a filter and should be used as so.

yes, but you can say very same about safe, unsafe, default, etc. they are not real validators.

They allow you to use validation stream and configuration for better data hadling (in pipeline maneer):

  1. set default NULL value for fields with empty string (common problem when posting from HTTP form)

  2. if fieldX is empty -> copy there value from another field

  3. make other field value lowercase

  4. check if all those fields have proper value (real validation)

now - you could do same other way (like separate model methods, beforeValidation handler, etc) but that would be less readable and you culd not set mixed order (like: validate fieldX, then filter fieldY based on validated fieldX, then validate fieldY).

It confuses me because for me filters (especially sanitize filters) come before processing data and validation comes before interacting with DB.

If I use a filter which is a validator, it implies that I must call validate() before I do something with the data, and validate will be called again through save() when I save my data to db.

you can think about filters as something that enforces given data format but without throwing errors but rather converting data to required format. The difference is like this:

validator: if fieldX is not all lowercase -> report error and stop processing

filter: if fieldX is not all lowercase -> make it lowercase and go on

I understand this but when you want to sanitize data before processing it,how do you filter it?you call validate?for me the flow is often like this:I receive data in the controller,I want to sanitize-filter it,I do anything with the data,I update the db with data.Thats right when I update db that I call validate,not before.

You are right, but it is up to developer to remember to sanitize data everywhere it is assigned to model. With filters you may safely assign any data (from HTTP form, or other sources like outer services) and just save the model. Everytime you save it - filters will sanitize data. It is safer than assuming developer sinitized data before assigning it, especialy when working with services (not plain http form data) because developers tend to assume such data is already sanitized…

anyway - if you don’t like just don’t use filters. In my oppinion - you can create safer applications when using filters properly together with validators.

It s just that for me the concept is different between a filter and a validator so they should not be mixed.For me if data has to be filtered,it should be in a process different from the validation process.

Could you please give an example of how to do this one. I have need of it but am not sure how :)

array( 'column_which_are_default_NULL', 'default', 'setOnEmpty'=>true, 'value'=>NULL )