Chapter 17. Input validation
This chapter covers:
“What could be less exciting than a company that makes retread tires in Muscatine, Iowa?” asks Peter Lynch in his investment book Beating the Street.
I don’t know what’s even less exciting, but I can think of plenty of things that are equally dull. Lots of routine, unexciting activities go on in the so-called real world. Input validation is one of them. It’s not glamorous; there will never be a Hollywood movie about it. It’s not even visible most of the time, so it’s easy to overlook until you’re actually forced to do it.
But web programmers are generally aware of the need to do it. According to Lynch, Bandag (the company that makes retread tires in Muscatine, Iowa) increased its value by a factor of 30 in 15 years. Clearly, you can be successful without doing anything superficially exciting.
Input validation is important for two reasons: security and usability.
It is essential to security, since unvalidated input leaves a web application open to all sorts of attacks, especially the dreaded SQL injection.