Quiz Entry - updated: 2026.06.20
Where should input validation, sanitization, and output encoding occur in MVC architecture?
Validate input in the Controller (entry), use prepared statements in the Model (DB), and encode output in the View (render). "Validate early, encode late."
* MVC control placement — validate early in the Controller, parameterize in the Model, encode late in the View. *
Model (Database layer):
- Use Prepared Statements for all queries
- Encoding/Escaping for data going into DB
View (Output layer):
- Output Encoding/Escaping before rendering
- Context-appropriate encoding (HTML, JS, URL, CSS)
Controller (Input layer):
- Input Validation - verify format, type, length
- Sanitization - clean/normalize input
Key principle: Validate input early, encode output late, use prepared statements always.