Chapter 17. Input validation

 

This chapter covers:

  • 17.1 Input validation in application design
  • 17.2 Server-side validation and its problems
  • 17.3 Client-side validation
  • 17.4 Object-oriented server-side validation
  • 17.5 Synchronizing server-side and client-side validation
  • 17.6 Summary

“What could be less exciting than a company that makes retread tires in Muscatine, Iowa?” asks Peter Lynch in his investment book Beating the Street.

I don’t know what’s even less exciting, but I can think of plenty of things that are equally dull. Lots of routine, unexciting activities go on in the so-called real world. Input validation is one of them. It’s not glamorous; there will never be a Hollywood movie about it. It’s not even visible most of the time, so it’s easy to overlook until you’re actually forced to do it.

But web programmers are generally aware of the need to do it. According to Lynch, Bandag (the company that makes retread tires in Muscatine, Iowa) increased its value by a factor of 30 in 15 years. Clearly, you can be successful without doing anything superficially exciting.

Input validation is important for two reasons: security and usability.

It is essential to security, since unvalidated input leaves a web application open to all sorts of attacks, especially the dreaded SQL injection attacks.

17.1. Input validation in application design

17.2. Server-side validation and its problems

17.3. Client-side validation

17.4. Object-oriented server-side validation

17.5. Synchronizing server-side and client-side validation

17.6. Summary