Data Validation

Data validation, also known as input validation, is a method of ensuring that incoming data is uncompromised before it is allowed to be processed. During transmission to programs, applications, and services, data can be corrupted. Data validation employs one or several checks, routines, and rules to ensure that the data coming into a system is meaningful, accurate, and secure. If the incoming data is not properly sanitized this can result in code injection. 
An application should check that data is both  syntactically  and  semantically  valid before using it in any way.  

• Syntax validity is that the input is of the form that you would expect.  
• Semantic validity is that the input is within an acceptable range for the given application functionality and context. 

The best practices for input validation include: 

• Validate all inputs at the server side before accepting them. 
• Using a whitelist. White list validation involves defining exactly what IS authorized, and by definition, everything else is not authorized. Regular expressions are a great tool for defining a whitelist for an application. 
• Identify special characters and escape them consistently during input validation 
• Define the length of the input data, minimum and maximum. 

 Types of data validation include:

• constraint validation, 
• structured validation, 
• data range validation, 
• code validation, and 
• data type validation.

These data validation routines, rules, and constraints test for the correctness, meaningfulness, and security of incoming data.

Want to know what can happen when data validation is done improperly? Read about code injection.