LOGBOOK

HELP

Quiz Entry - updated: 2026.06.20

Why is input validation critical for backend security?

All user input is untrusted and may be malicious, so validate it before processing to prevent vulnerabilities and crashes.

Validation process:

  1. Check if required parameters exist
  2. Validate parameter content (type, format, range)
  3. Return error response (400 Bad Request) if invalid
  4. Only process if all validation passes

Example:

let error = null;

// 1a. Check existence
if (!('currency' in req.query)) {
    error = "Parameter 'currency' not set";
}
// 1b. Validate content
else if (req.query.currency !== 'CHF' && req.query.currency !== 'EUR') {
    error = "Invalid value for parameter 'currency'";
}

// 2. Abort on error
if (error) {
    res.status(400);
    res.send(error);
    return;
}

// 3. Process valid input
res.send('Processing with currency: ' + req.query.currency);

Note: Also validate request body and cookies - all user input is untrusted!

From Quiz: WEBT / Backend Development | Updated: Jun 20, 2026