Thursday, April 25, 2013

V is for Validation

No, not the kind where everyone tells you what a wonderful writer you are, though that would be nice...

Validation, in software terms, is where your software checks - or validates - the data it is being given to make sure it looks reasonable.

At its simplest, validation takes place when the user types something into a screen. It makes sure, for example, that you don't type in a word where a number is wanted, or put in a date of February 31.

Validation is a vital part of defensive design. It is one of your system's first lines of defense - keep the garbage out in the first place.

It is also an act of kindness. It is kinda childish to let someone spend ages filling in a screen of data only to blow a raspberry at them and point out a mistake right on the first line that you could have warned them about at the time.

It can also save your users from embarrassing, or even dangerous, mistakes. There have been examples recently of people losing out because of negligent (IMHO) design in online banking systems. Sending money to a stranger's account by accident because of a single digit mistake in the account number, when a simple check digit algorithm could make such errors impossible. Or hitting a zero instead of a decimal point by accident - considerate validation would at least warn if a payment amount looked suspiciously large.
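The two payment checks described above, as an added example that is not code from the original post. It assumes account numbers are digit strings ending in a Luhn check digit (a scheme swapped in here for illustration) and uses a hypothetical warning threshold of 1000.00.

```python
from decimal import Decimal, InvalidOperation

# Assumption: account numbers are ASCII digits ending in a Luhn check digit.
# Real banks use various schemes; Luhn is swapped in here for illustration.
WARN_ABOVE = Decimal("1000.00")  # hypothetical "suspiciously large" threshold

def luhn_check_digit(payload: str) -> str:
    """Compute the Luhn check digit for the digits that precede it."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch) * 2 if i % 2 == 0 else int(ch)  # double every 2nd digit
        total += d - 9 if d > 9 else d
    return str((10 - total % 10) % 10)

def luhn_valid(number: str) -> bool:
    if not (number.isascii() and number.isdigit() and len(number) > 1):
        return False
    return luhn_check_digit(number[:-1]) == number[-1]

def single_digit_typos(number: str):
    """Yield every variant of number with exactly one digit changed."""
    for pos, original in enumerate(number):
        for digit in "0123456789":
            if digit != original:
                yield number[:pos] + digit + number[pos + 1:]

def review_payment(account: str, amount_text: str):
    """Return (status, reason); status is 'reject', 'confirm' or 'ok'."""
    if not luhn_valid(account):
        return ("reject", "account number fails its check digit")
    try:
        amount = Decimal(amount_text.strip())
    except InvalidOperation:
        return ("reject", "amount is not a number")
    if not amount.is_finite() or amount <= 0:
        return ("reject", "amount must be a positive number")
    if amount.as_tuple().exponent < -2:
        return ("reject", "amount has more than two decimal places")
    if amount > WARN_ABOVE:
        return ("confirm", f"{amount} is unusually large, ask the user to confirm")
    return ("ok", "")

if __name__ == "__main__":
    account = "7992739871" + luhn_check_digit("7992739871")  # constructed sample
    print(account, luhn_valid(account))
    print(sum(luhn_valid(t) for t in single_digit_typos(account)), "typos accepted")
    print(review_payment(account, "120.50"))
    print(review_payment(account, "120050"))  # zero typed instead of the point
```

Luhn rejects every single-digit substitution, but it does not catch every swap of two adjacent digits (09 and 90 produce the same check digit).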

And many security loopholes in websites exploit a shocking lack of validation, such as failing to limit the length of data input or to prevent embedded code from being executed.

Too strict validation can also be a problem. Witness the centenarian who is told her date of birth cannot be accepted by the system.

Validation is like salt. Both too much and too little can spoil the dish.


  1. I've always wanted our website's phone and address input validation to follow other websites who go through the extra time to weed out potential data problems.

    If you have a US phone number, mask the input field with (111) 111-1111 otherwise, give a free form input field. We hardly ever have foreign numbers, so free form is fine there. I hate getting 1-800-CALLBOB. It's preventable!

  2. Diane, that sounds like plain laziness! It might take longer to program in the first place, but compared with forever dealing with preventable crap for the life of the system, it's money well spent.

