Rails ActiveRecord validation: maximum length of a string?

11
votes

I have these string / text fields in my database migration file:

  t.string :author
  t.string :title
  t.string :summary
  t.text :content
  t.string :link

And these are my questions:

  1. Every string / text attribute should have a maximum length validation for both purposes, security (if you don't want to receive a few MB of text input) and database (if string = varchar, mysql has a 255 characters limit). Is that right or is there any reason not to have a maximum length validation for totally every string / text attribute in the database?
  2. If I don't care about the exact length of author and title as long, as they are not too long to be stored as strings, should I set a maximum length to 255 for each of those?
  3. If the maximum possible length of URL is about 2000 characters, is it safe to store links as strings, and not as texts? Should I be validating a maximum length of the link attribute if I am already validating its format using regexp?
  4. Should a content (text) attribute have a maximum length just to protect the database from the input of an unlimited length? For example, is setting a maximum length of a text field to 100,000 characters reasonable, or is this totally pointless and inefficient?

I understand, that these questions might seem unimportant to some people, but still – that's a validation of input, which is required for any application, – and I think it's worth to be rather paranoid here.

1
ruby-on-railsvalidationactiverecord

1 Answers

5
votes

The question is great, and perhaps people with more knowledge of rails/mysql internals will be able to expand more.

1) Having any validation in the model depends where you want the failure to happen in case it exceeds the limit. The model is the best option since most likely it will cover most objects using the model. Other alternative is simply limiting form fields using maxlength attribute.

The first option does not work for optional fields.

2) I am not aware of any rule of thumb. Use whatever you know is the longest and make it a bit bigger.

3) My rule is that anything above 255 is text. You can find more info on this Here

4) If the column holds the same content - there might be value in that. Some use cases might have different maxlength depending on content type or user.

All of the above is also affected by how strict data validation requirements are in the project.