Tags for questions related to validating data.
428
votes
2answers
54k views
Is the use of “utf8=✓” preferable to “utf8=true”?
I have recently seen a few URIs containing the query parameter "utf8=✓". My first impression (after thinking "mmm, looks cool") was that this could be used to detect a broken character encoding.
So, ...
73
votes
25answers
13k views
How far should one take e-mail address validation?
I'm wondering how far people should take the validation of e-mail address. My field is primarily web-development, but this applies anywhere.
I've seen a few approaches:
simply checking if there is ...
31
votes
21answers
5k views
Is Software Testing Really Needed?
I'm a student working on my B.E(CS) and my question is the following:
Is testing in the software field needed?
If we create a software with great care, then why should we test?
After testing can ...
20
votes
9answers
7k views
Constructor parameter validation in C# - Best practices
What is the best practice for constructor parameter validation?
Suppose a simple bit of C#:
public class MyClass
{
public MyClass(string text)
{
if (String.IsNullOrEmpty(text))
...
19
votes
9answers
2k views
Is an 'if password == XXXXXXX' enough for minimum security?
If I create a login for an app that has middle to low security risk (in other words, its not a banking app or anything), is it acceptable for me to verify a password entered by the user by just saying ...
18
votes
5answers
2k views
Data input validation - Where? How much? [closed]
Data input validation always was quite an internal struggle to me.
On the verge of adding a real security framework and code to our legacy application rewrite project (which so far pretty much keeps ...
18
votes
4answers
700 views
Is validating HTML a thing of the past? [duplicate]
With us moving continually closer to HTML5 in terms of adoption, is writing HTML for validity something the web is rejecting, allowing us to straddle standards as the web continues to be in a ...
18
votes
3answers
3k views
Where we should put validation for domain model
I still looking best practice for domain model validation. Is that good to put the validation in constructor of domain model ? my domain model validation example as follows:
public class Order
{
...
16
votes
10answers
4k views
Should a method validate its parameters? [duplicate]
Say you are designing a Square root method sqrt. Do you prefer to validate the parameter passed is not a negative number or do you leave it up to the caller to make sure the param passed is valid. How ...
12
votes
5answers
862 views
Strengthening code with possibly useless exception handling
Is it a good practice to implement useless exception handling, just in case another part of the code is not coded correctly?
Basic example
A simple one, so I don't loose everybody :).
Let's say I'm ...
11
votes
5answers
715 views
For an ORM supporting data validation, should constraints be enforced in the database as well?
I have always applied constraints at the database level in addition to my (ActiveRecord) models. But I've been wondering if this is really required?
A little background
I recently had to unit test a ...
10
votes
6answers
1k views
How should I handle invalid user input?
I have been thinking about this issue for a while and I would be curious to have opinions from other developers.
I tend to have a very defensive style of programming. My typical block or method looks ...
9
votes
4answers
670 views
How defensive should we be?
We've been running Pex over some code, and it has been showing some good things (well bad things, but showing them before it gets to production!).
However, one of the nice things about Pex is that it ...
9
votes
3answers
646 views
How come verification does not include actual testing?
Having read a lot about this topic --- such as on this Software Testing Fundamentals site on verification and validation and Software Testing and Quality Assurance: Theory and Practice by Naik and ...
9
votes
3answers
2k views
Validation and authorization in layered architecture
I know you are thinking (or maybe yelling), "not another question asking where validation belongs in a layered architecture?!?" Well, yes, but hopefully this will be a little bit of a different take ...
8
votes
5answers
3k views
What Special characters should one allow for a Phone Number?
So I am designing a webpage which will be used for global users, includes users from Canada, US, India, UK etc. I need to apply validations for this phone number field, but I'm not sure the best way ...
8
votes
1answer
312 views
Better to use error monad with validation in your monadic functions, or implement your own monad with validation directly in your bind?
I'm wondering what's better design wise for usability/maintainability, and what's better as far as fitting with the community.
Given the data model:
type Name = String
data Amount = Out | Some | ...
7
votes
5answers
2k views
Do you use both Client-side and Server-side validation techniques?
Do you use both Client-side and Server-side validation techniques side by side when validating input from a user, e.g. via a contact form?
If so, is it really necessary? Are you over engineering?
...
7
votes
7answers
3k views
When should pointers be checked for NULL in C?
Summary:
Should a function in C always check to make sure it is not dereferencing a NULL pointer? If not when is it appropriate to skip these checks?
Details:
I've been reading some books about ...
7
votes
3answers
297 views
How to measure external quality of software
For my thesis, I am doing research into the characteristics of Behavior Driven Development (BDD). One of the BDD claims is that by specifying the requirements in a ubiquitous language together with ...
7
votes
3answers
1k views
IValidatableObject vs Single Responsibility
I like the extnesibility point of MVC, allowing view models to implement IValidatableObject, and add custom validation.
I try to keep my Controllers lean, having this code be the only validation ...
7
votes
2answers
3k views
Has anyone successfully used Windows Workflow for a Business Rules/Validation engine?
I was wondering if anyone has successfully used Windows Workflow Foundation for a BusinessRules/Validation engine, or if you know of some sample code or articles about this.
If you have used it ...
7
votes
1answer
733 views
Duck typing, data validation and assertive programming in Python
About duck typing:
Duck typing is aided by habitually not testing for the type of arguments in method and function bodies, relying on documentation, clear code and testing to ensure correct use.
...
6
votes
6answers
909 views
If the model is validating the data, shouldn't it throw exceptions on bad input?
Reading this SO question it seems that throwing exceptions for validating user input is frowned upon.
But who should validate this data? In my applications, all validations are done in the business ...
6
votes
4answers
703 views
Validating User Stories: How much change is too much?
While the core of requirements development and acceptance criteria would ideally take place during the planning meeting in order to create a better estimate, Scrum encourages continuous interaction ...
6
votes
2answers
2k views
Command handlers and DDD
I have an ASP.NET MVC application, that uses a query service to get data and a command service to send commands. My question is about the command part.
If a request comes in, the command service uses ...
5
votes
2answers
591 views
Is server validation necessary with client-side validators?
I recently created a .net web app that used over 200 custom validators on one page. I wrote code for both ClientValidationFunction and OnServerValidate which results in a ton of repetitive code.
My ...
5
votes
4answers
416 views
How far should I take email address validation when the cost of bad emails is high?
When it's more important to prevent typos than to cover 100% of all possible email addresses, what syntactic email validations do you do?
Imagine this:
You're with the local gas & electric ...
5
votes
5answers
726 views
Is realtime validation of username good or bad?
I have a simple form for the user to sign up to my site; with email, username and password fields. We are now trying to implement an ajax validation so the user doesn't have to post the form to find ...
5
votes
5answers
549 views
In a web application backed by a database, how often should I validate data? [duplicate]
Possible Duplicate:
Data input validation - Where? How much?
Given that I have a web application with a user facing form that will store information in a database (that will be used by ...
5
votes
2answers
718 views
How is the Trial Period for Softwares generally implemented?
I was always under the assumption that trial softwares write a registry value of the installation date and then the software makes a comparison of the current date of the system with the remaining ...
5
votes
4answers
274 views
Can data classes contain methods for validation?
OK, say I have a data class for a user:
public class User {
private String firstName;
private String lastName;
private long personCode;
private Date birthDate;
private Gender gender;
private String ...
5
votes
8answers
860 views
Best Practice for Argument Checking
Say I have a web service with a method MyWebServiceMethod(string passedValue).
The web service calls a method MyServiceMethod(string passedValue) where the value from the web service is passed along.
...
4
votes
3answers
189 views
Name for sanitizing at the right time?
Recently we had an issue on our site where someone attempted SQL injection via a cookie (we'll call it lastID). NOC was in a frenzy and angry about how the cookie as an attack vector could be ...
4
votes
2answers
334 views
What is the best way to validate the following data?
Lets say I receive an xml request that is sent to my web service and this request contains some data in it such as Hotel Room/Rate pairs (Room = Double Queen, Rate = 10%). The database has all of ...
4
votes
8answers
922 views
Data validation best practices: how can I better construct user feedback?
Data validation, whether it be domain object, form, or any other type of input validation, could theoretically be part of any development effort, no matter its size or complexity. I sometimes find ...
4
votes
2answers
226 views
Design strategies for storing and validating serial numbers
We are writing software to track Foo Widgets. Each Foo Widget has a serial number. The serial number is an 32-character alphanumeric string. The string is separated into five sets. Each set is ...
4
votes
1answer
570 views
MVC Pattern - How to get errors from the model to the controller?
Say I have a typical MVC setup. The controller passes on some input to the model, and asks it to do something with it. But the validation of the data fails, or there is some other problem. What's the ...
4
votes
2answers
155 views
How to properly include field validation in a Software Documenation
I'm developing a software documentation in a project, and much of it are just CRUD or CRUD based functions. As you can imagine, a lot of the rules are constraints about fields validation, things like ...
4
votes
2answers
106 views
Would it be hard to screen form submissions (e.g., comments) for non-words/non-sentences?
I've been thinking a lot lately about the need for better form security, and good ways to accomplish that.
We currently use captcha codes to screen for bots, but that's annoying to users and may not ...
4
votes
1answer
375 views
Dapper and object validation/business rules enforcement
This isn't really Dapper-specific, actually, as it relates to any XML-serializeable object.. but it came up when I was storing an object using Dapper.
Anyways, say I have a user class.
Normally, I'd ...
4
votes
2answers
175 views
When and how much should we validate input when working with (C)AP storage?
Herein, we consider a server-client architecture. Suppose we keep the details flexible, but there's more than one layer of servers supporting our hypothetical service. The general question is "When ...
3
votes
4answers
343 views
Should validation messages contain punctuation? [closed]
When building an application should all validation messages have punctuation?
3
votes
2answers
649 views
Functional testing in the verification
Yesterday my question How come verification does not include actual testing? created a lot of controversy, yet did not reveal the answer for related and very important question: does black box ...
3
votes
4answers
89 views
Can I save & store a user's submission in a way that proves that the data has not been altered, and that the timestamp is accurate?
There are many situations where the validity of the timestamp attached to a certain post (submission of information) might be invaluable for the post owner's legal usage. I'm not looking for a service ...
3
votes
2answers
614 views
Validation and data persistence in a domain model
My (first and current) workplace (a .NET shop) suffers from an over-abundance of anemic domain models, to the extent that I don't really know how validation and data persistence should be handled in a ...
3
votes
2answers
483 views
Best practice for validating XML messages
Two systems are communicating via XML messages on a message queue and any received message must be validated for structure, content and business logic before being processed.
An XML schema offers ...
3
votes
3answers
172 views
Complex Mutual Exclusion Validation Logic
I need to validate some form inputs in complex way. E.g.
<select id="options" multiple="multiple">
<option>A</option>
<option>B</option>
...
3
votes
1answer
302 views
How can I use Windows Workflow for validation of a Silverlight application?
I want to use Windows Workflow to provide a validation service. The validation that will be provided may have multiple tiers with chaining and redirecting to other stages of validation. The ...
2
votes
5answers
712 views
Why validate XML?
I am looking for an explanation on just why XML needs to be validated. I have been testing DTD's and Schema's for the past month and recently tried to find out why I am doing this. I know it makes the ...
