LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

Input validation checks progress from coarse to fine — what does each layer verify, from the source of the data down to its meaning?

Source → size → lexical (allowed characters) → syntax (correct format) → semantics (makes sense in context). Reject as early as possible.

Coarse-to-fine validation layers: Source, Size, Lexical, Syntax, Semantics — reject early.

* Validate coarse-to-fine — Source, Size, Lexical, Syntax, Semantics — rejecting at the first failure to save processing. *

You validate from cheap, coarse checks to expensive, fine ones, rejecting bad input at the first failure:

# Criterion What to check Example
1 Legitimate source Verify origin system/user CSRF token, API key
2 Reasonable size Max length/size limits Username ≤ 255 chars
3 Lexically valid Only allowed characters No <>"'; in names
4 Syntactically valid Correct format/structure Valid email pattern
5 Semantically valid Makes sense in context Birth date not in future

Tip: Think "SLSS-S" (Source, Length, Lexical, Syntax, Semantics) — validate from coarse to fine. Reject early to save processing.

Go deeper:

From Quiz: SPRG / Input Validation & Output Encoding | Updated: Jul 14, 2026