
Should DAOs validate the input?


Since the DAO layer is typically responsible for accessing data from the DB given certain input (like a user_id etc.), should it concern itself with checking the validity of its input?

E.g. if there's a DAO method to fetch a user based on user_uid, which is a (> 0) primary key, then should the DAO method always check for this constraint before making the necessary DB call? Or should it assume that any layer higher up which calls this method will take care of the constraint and never pass it a -ve id? The DAO method can publish this constraint in its doc so that programmers writing higher layers are aware of it.

Which approach would you typically use and why?

Thanks and regards!


Solution

  • The answer depends on whether the business layer (presumably above the data layer) is validating these values, and if the data layer can be called from any other layers (e.g. a workflow layer).

    Generally it is a good idea to bunch validation in the business layer, and constrain layer communications so the data layer can only be called via the business layer.

    We also add key/null validation checking in stored procedures, in case another service in the future decides to attempt to put invalid data in.
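
The layering described in the answer, as an added example that is not part of the original answer: the business layer parses untrusted input, the DAO guards its documented precondition and uses a parameterized query, and the database rejects bad keys and nulls from a caller that skips both. Python with sqlite3 is an assumption (the page names no language), all class and function names are hypothetical, and a CHECK / NOT NULL constraint stands in for the stored-procedure checks.

```python
import sqlite3

class ValidationError(ValueError):
    """Business-layer rejection of untrusted input."""

def open_db():
    db = sqlite3.connect(":memory:")  # constructed sample data, runs offline
    # CHECK / NOT NULL stand in for the stored-procedure key/null checks.
    db.execute("CREATE TABLE users ("
               "user_id INTEGER PRIMARY KEY CHECK (user_id > 0), "
               "name TEXT NOT NULL)")
    db.execute("INSERT INTO users VALUES (?, ?)", (1, "alice"))
    return db

class UserDao:
    def __init__(self, db):
        self._db = db

    def find_by_id(self, user_id):
        # Data layer: cheap guard on the documented precondition (id > 0).
        if type(user_id) is not int or user_id <= 0:
            raise ValueError("user_id must be a positive integer")
        row = self._db.execute(
            "SELECT user_id, name FROM users WHERE user_id = ?", (user_id,)
        ).fetchone()
        return None if row is None else {"user_id": row[0], "name": row[1]}

class UserService:
    def __init__(self, dao):
        self._dao = dao

    def get_user(self, raw_id):
        # Business layer: the one place where raw input is parsed and judged.
        try:
            user_id = int(str(raw_id).strip())
        except ValueError:
            raise ValidationError("user id is not a number") from None
        if user_id <= 0:
            raise ValidationError("user id must be greater than 0")
        return self._dao.find_by_id(user_id)

def insert_bypassing_layers(db, user_id, name):
    # Hypothetical future service writing to the table directly.
    try:
        db.execute("INSERT INTO users VALUES (?, ?)", (user_id, name))
        return True
    except sqlite3.IntegrityError:
        return False
```
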