What Is Input Validation?


Roughly three months ago, I wrote about how forms are able to tell when you're inputting the wrong things, and roughly three weeks ago I wrote about forms. Today I will be building on the information I shared in those posts.

Have you ever wondered why you can't cheat an e-commerce store, in the sense that you can't buy 1 unit of Product A for $20 and then go on to buy -1 unit of Product B for -$20 in a bid to cancel out the total cost of your order and get Product A for free? If you think the above isn't possible, then you're overestimating the intelligence of software solutions (without the aid of a skilled software engineer). Just so you know, I built an e-commerce store once that had the above problem 😓 while in development (yes, I fixed the problem). Today I'll talk about how.

Today we're looking at input validation as a standalone concept. As the name suggests, input validation involves writing code that helps to ensure that the data you feed a software solution is in the expected format and, more importantly, that the data isn't malicious. Just like most things relating to software development, there are two sides involved 😏: client-side input validation and server-side input validation. Client-side validation is handled by frontend developers, while server-side validation is handled by backend developers.


CLIENT-SIDE INPUT VALIDATION

We'll start with client-side because that's typically the part you see first. If you've ever tried to register on a platform that showed you the requirements for a username and password and didn't let you submit until you got it right, then you've seen client-side input validation. Client-side input validation is closer to the end-user, which makes it a lot faster than server-side input validation. There are cases where frontend software engineers give the border of the input box a green colour if your input is acceptable, and a red border if it's unacceptable.


SERVER-SIDE INPUT VALIDATION

Server-side input validation is closer to the database than it is to the end-user. As such, if a platform has no client-side input validation but has server-side validation, you'll be allowed to write the wrong input and even submit it; however, you'll get a response saying that you wrote the wrong thing. You'll get those confusing-looking error reports (they're sometimes called the yellow or blue screen of death 😂). If you've watched Game of Thrones, you can more or less say that server-side input validation is like the Night's Watch 🤣.


A RELATABLE EXPLANATION

With passwords, sometimes you see a bar that gets fuller and changes colour as the length of your password gets longer; you typically move from "Weak Password" to "Strong Password". At other times, there are checkboxes that show a "✔" when your input is acceptable. With client-side validation, you typically know instantly that what you did is wrong, and you won't be allowed to submit that input until you make it right. In other cases, you'll be outright prevented from inputting wrong data (like adjusting the counter for the number of units of a product you want to buy to a number less than 0).


WHY DO WE NEED BOTH?

You may be asking why we need server-side input validation if client-side input validation is faster and looks prettier. Well, we have cases where pranksters and hackers are able to evade client-side input validation in a bid to cause problems or steal data and products from an organization. And if you're wondering why client-side input validation is still relevant, it's because it reduces the number of times you put pressure on the backend code and the server. Recall that I wrote about load balancing yesterday, where I explained that the amount of pressure you put on a server can affect its performance and its ability to engage multiple end-users.


HOW I SOLVED MY DEBUGGING PROBLEM

Both types of input validation are combined when building software solutions because client-side input validation is prettier, enhances user experience and is faster, while server-side validation is more reliable and can be used to properly secure the database from different cyber attacks like SQL injection, CORS, etc. I solved the problem on the e-commerce platform I was building by using both client-side and server-side input validation. I used client-side input validation to ensure that the user can't reduce the ordered quantity below 0, and I declared a range on the number of units that I was expecting from the client at the ordering stage. I replicated this on the server side by using input validation attributes on the model classes.
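
The fix described above, together with the bypass concern from WHY DO WE NEED BOTH?, as an added example that is not the author's code: a server-side check that rejects the "-1 unit of Product B" order even when the request never goes through the form. The function name, product ids, prices and the upper bound of 100 are assumptions made for illustration.

```javascript
// Added example: server-side validation of an order payload (all names hypothetical).
const MAX_QTY = 100; // assumed upper bound per line item

// Server-owned price list in cents; prices are never taken from the client.
const CATALOG = new Map([
  ["product-a", 2000],
  ["product-b", 2000],
]);

// Returns { ok, errors, totalCents }. The whole order is rejected if any line is invalid.
function validateOrder(payload) {
  const errors = [];
  const items = payload && Array.isArray(payload.items) ? payload.items : null;
  if (!items || items.length === 0) {
    return { ok: false, errors: ["items: must be a non-empty array"], totalCents: 0 };
  }
  let totalCents = 0;
  items.forEach((item, i) => {
    const id = item && item.productId;
    const qty = item && item.quantity;
    if (typeof id !== "string" || !CATALOG.has(id)) {
      errors.push(`items[${i}].productId: unknown product`);
      return;
    }
    // Number.isInteger rejects strings ("2"), NaN, Infinity and fractions (0.5).
    if (!Number.isInteger(qty) || qty < 1 || qty > MAX_QTY) {
      errors.push(`items[${i}].quantity: must be an integer from 1 to ${MAX_QTY}`);
      return;
    }
    totalCents += CATALOG.get(id) * qty;
  });
  return errors.length
    ? { ok: false, errors, totalCents: 0 }
    : { ok: true, errors: [], totalCents };
}

// Constructed sample requests, shaped as they would arrive if the form were bypassed.
const cancelOut = { items: [
  { productId: "product-a", quantity: 1 },
  { productId: "product-b", quantity: -1 },
] };
const honest = { items: [{ productId: "product-a", quantity: 2 }] };

console.log(validateOrder(cancelOut)); // rejected because of items[1].quantity
console.log(validateOrder(honest));    // accepted, total computed from CATALOG
```

The total is computed only from server-side prices and validated quantities, so a negative line can never offset a positive one.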


FINALLY...

There are other things that input validation can do. It can determine the minimum and maximum values to be inputted, and it can also ensure that where an email is required, you have to provide something that looks like an email address (email address validation isn't foolproof without two-factor authentication). You can also determine the exact characters that can be used in an input; this is termed a regular expression and is used to ensure that your password contains a block letter, a number and a special character. There are tons of things you can validate.

The major thing to remember is that input validation improves user experience, protects the software solution from being exploited and, overall, ensures that the data obtained from users is as clean as possible so that it can be acted upon for analysis or just for documentation. I should write about some of the alien concepts above that relate to cybersecurity much later.