Programming 101 - Validating input
This is something I have been meaning to blog for a while. This is something that I thought everyone did because without doing so all hell would break loose.
Validation people! Validation!
If you are programming any software and you get data from anywhere that could on some level be considered external to your code, you must validate that data before using it. There are a number of reasons you need to do this but the ones I can think of off the top of my head are:
- Security - avoid nasty input by making sure it conforms to what you want. You don't want a web app that takes a text box for granted, only to find later that your app has fallen victim to a SQL Injection attack.
- Reduces programming headaches - Once you can be sure of what is coming in to your system then you only have to worry about it in that form. Or to put that another way, once I am 100% sure of what form the data will be in, my programs, classes, interfaces, unit tests etc. do not have to be. Just think how much duplication of effort is avoided by validating and think how much more robust the final article would be.
I'd love to say where I saw this lack of validation, but I'm afraid I can't for legal reasons. However, buy me a pint and I'll tell you, that way I can blame the booze ;-)

1 comment:
I'd love to buy you a pint. If the wife will let you out for a trip to Perth then you're more than welcome to crash at mine.