Input Validation!

The first step to robust, quality code.

What?
Why?
How?

What is input?

Data inserted into a system for processing and/or storage.


  • from an external source
  • can be stored in a database
  • can affect the flow of a program


What are some sources of input?

What does it mean for input to be valid?

User input is a form of data

Data that flows through the app needs to be handled in ways the program is expecting.

  • What is technical validity?
  • Who decides what data is valid?
  • What influences these decisions?

Possible and Sensible

Ensures that it is possible for the program to do something with the data, and that it makes sense to accept this data from an input source.

  • Presence (e.g. a user email is required for sign up)
  • Range (e.g. age restrictions, bank balances)
  • Length (e.g. entering passwords)
  • Format (e.g. date formats)
  • Data Type (e.g. types of characters in passwords, age as integers) 
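
One way to code the five checks above for a sign-up form. This is an added example, not part of the original slides or the linked solution; the field names, limits and email pattern are assumptions.

```python
import re
from datetime import datetime

# Simple allowlist pattern (an assumption, not a full RFC 5322 parser).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

def validate_signup(form):
    """Return (clean, errors) for a dict of raw string fields from a form."""
    errors, clean = {}, {}

    # Presence + format: email is required and must match the pattern end to end.
    email = (form.get("email") or "").strip()
    if not email:
        errors["email"] = "required"
    elif len(email) > 254 or not EMAIL_RE.fullmatch(email):
        errors["email"] = "bad format"
    else:
        clean["email"] = email

    # Data type + range: up to 3 ASCII digits only, then the value must be 13..120.
    age = str(form.get("age", "")).strip()
    if not (age.isascii() and age.isdigit() and len(age) <= 3):
        errors["age"] = "must be a whole number"
    elif not 13 <= int(age) <= 120:
        errors["age"] = "out of range"
    else:
        clean["age"] = int(age)

    # Length: bound both ends so an oversized value never reaches later processing.
    password = form.get("password") or ""
    if not 12 <= len(password) <= 128:
        errors["password"] = "length must be 12-128"
    else:
        clean["password"] = password

    # Format: strptime also rejects impossible dates such as 2024-02-30.
    try:
        clean["birthday"] = datetime.strptime(form.get("birthday") or "", "%Y-%m-%d").date()
    except ValueError:
        errors["birthday"] = "use YYYY-MM-DD"

    return clean, errors

# Constructed sample inputs; the BAD age is "36" written in Arabic-Indic digits.
GOOD = {"email": "ada@example.org", "age": "36", "password": "correct horse battery", "birthday": "1988-12-10"}
BAD = {"email": "", "age": "\u0663\u0666", "password": "short", "birthday": "2024-02-30"}
```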

 

What does validation not ensure?

 

(Correctness in business logic)

Why is validation important?

  • Reliability - So programs don't stop running when input is unexpected, and users are not given confusing errors
  • Accuracy - Define the conditions under which user input is accepted by the program (required and optional fields)
  • Make sure user input can actually be used in functions
  • Prevent security breaches & loss of data through saving or using malformed data (combined with sanitisation - later)

xkcd - "Exploits of a Mom" https://xkcd.com/327/

Examples

So how do you do it?

We'll start with this Python example

  • Solution: https://trinket.io/python/87e3aa192c

More examples and resources

Input Validation Intro

By Diana K. Lee
