Programming Theory:

Validation

6

Validation

Learning Objective:

Text

Learning outcome:

Text

iCan()

iCan.Explore()

I show an understanding of the topic by briefly describing my understanding.

iCan.Enhance()

I show a good technical understanding and am able to show this through detailed description and evaluation of effectiveness.

iCan.Excel()

I can show an excellent technical understanding of the topic and can give factually correct examples and evidence.

Defensive Design Considerations

Make a list of where you commonly enter data.

  • How much of this is personal data?

When data is entered into a program it is important that it is valid in order for the program to operate correctly.

Sometimes users will deliberately enter incorrect or ‘spam’ data in an attempt to access a program or the program code.

Validation

  • Validation is a check made by a computer to ensure that the data entered is sensible or reasonable.

  • It cannot check that the data is correct, because a user may lie or make a mistake.

  • It attempts to ensure that the data is within certain limits or rules.

Examples

A user is asked to enter a mobile phone number but only enters 9 digits.

  • A standard UK mobile number is 11 digits.
  • A length check validation can be used to ensure that 11 digits are entered.

A user has failed to fill out any of the sign-up form.

  • The data is needed for the account
  • Validation checks if any boxes are empty and stops the user from progressing.

Input Sanitisation

A method for validating data and stopping attacks is to clean up the data that is inputted so that it is ready for the application to use.

Some users may add additional data to try to access the program, or to get it to provide clues on how to access it.

Data sanitisation trims or strips strings, removing unwanted characters from them.

For example, the name should be Dave, not dav%e, so the % would be removed.

This ensures that the input is correct and contains only the permitted characters, letters and symbols.

Input Sanitisation

  • The data below is inputted in a government form to claim back tax. Read the data below and identify the issues and how to fix them.

  1. Dav3
  2. Sarah@#gmail.com
  3. Name: claire swainsworth
  4. £546.56.67
  5. O1982 56O635

Input Sanitisation (Answers)

  • Dav3 - numbers should be removed
  • Sarah@#gmail.com - valid domain name must be entered
  • Name: claire swainsworth - Have separate boxes for first and last name, reduce the box to a single word
  • £546.56.67 - Check for a valid number (1 decimal point)
  • O1982 56O635 - Only 10 digits, 11 digits must be entered, space removed
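
The checks from these slides (presence check, length check, and sanitising to the permitted characters), written as an added Python example that is not part of the original slides. The field names, the patterns and the `validate` helper are assumptions made for this example; the sample inputs are the ones from the exercise plus a few constructed values.

```python
import re

# Allow-list patterns: each field states what is permitted (assumed rules for this example).
NAME_RE = re.compile(r"[A-Za-z]+(?:[-'][A-Za-z]+)*")       # one word, letters only
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
AMOUNT_RE = re.compile(r"£?\d+(?:\.\d{1,2})?")             # at most one decimal point
MOBILE_RE = re.compile(r"\d{11}")                          # length check: exactly 11 digits


def sanitise_name(raw):
    """Remove characters a name may not contain, then trim whitespace."""
    return re.sub(r"[^A-Za-z' -]", "", raw).strip()


def validate(field, raw):
    """Return (is_valid, cleaned_value). Validation runs on the sanitised value."""
    value = raw.strip()
    if not value:                                          # presence check
        return False, value
    if field == "name":
        value = sanitise_name(value)
        return bool(NAME_RE.fullmatch(value)), value
    if field == "email":
        return bool(EMAIL_RE.fullmatch(value)), value
    if field == "amount":
        return bool(AMOUNT_RE.fullmatch(value)), value
    if field == "mobile":
        value = value.replace(" ", "")                     # space removed before the length check
        return bool(MOBILE_RE.fullmatch(value)), value
    raise ValueError(f"unknown field: {field}")


# Inputs from the exercise above, plus constructed values (dav%e, empty box, valid-format number).
SAMPLES = [
    ("name", "Dav3"),
    ("email", "Sarah@#gmail.com"),
    ("name", "Name: claire swainsworth"),
    ("amount", "£546.56.67"),
    ("mobile", "O1982 56O635"),
    ("name", "dav%e"),
    ("mobile", ""),
    ("mobile", "07700 900123"),
]

if __name__ == "__main__":
    for field, raw in SAMPLES:
        ok, cleaned = validate(field, raw)
        print(f"{field:7} {raw!r:28} -> valid={ok} cleaned={cleaned!r}")
```

Each check lists what is allowed rather than what is forbidden, so any character or format not named in the pattern is rejected by default.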

Which code is better?