Quiz Entry - updated: 2026.06.20
Why is input validation critical for backend security?
All user input is untrusted and may be malicious, so validate it before processing to prevent vulnerabilities and crashes.
Validation process:
- Check if required parameters exist
- Validate parameter content (type, format, range)
- Return error response (400 Bad Request) if invalid
- Only process if all validation passes
Example:
let error = null;
// 1a. Check existence
if (!('currency' in req.query)) {
error = "Parameter 'currency' not set";
}
// 1b. Validate content
else if (req.query.currency !== 'CHF' && req.query.currency !== 'EUR') {
error = "Invalid value for parameter 'currency'";
}
// 2. Abort on error
if (error) {
res.status(400);
res.send(error);
return;
}
// 3. Process valid input
res.send('Processing with currency: ' + req.query.currency);
Note: Also validate request body and cookies - all user input is untrusted!