LOGBOOK

HELP

Quiz Entry - updated: 2026.06.20

Where should input validation, sanitization, and output encoding occur in MVC architecture?

Validate input in the Controller (entry), use prepared statements in the Model (DB), and encode output in the View (render). "Validate early, encode late."

Request flows User → Controller (validate + sanitize) → Model (prepared statements) → DB; response → View (output encoding) → User.

* MVC control placement — validate early in the Controller, parameterize in the Model, encode late in the View. *

Model (Database layer):

  • Use Prepared Statements for all queries
  • Encoding/Escaping for data going into DB

View (Output layer):

  • Output Encoding/Escaping before rendering
  • Context-appropriate encoding (HTML, JS, URL, CSS)

Controller (Input layer):

  • Input Validation - verify format, type, length
  • Sanitization - clean/normalize input

Key principle: Validate input early, encode output late, use prepared statements always.

From Quiz: SPRG / Input Validation & Output Encoding | Updated: Jun 20, 2026