Data Validation (AQA GCSE Computer Science): Revision Notes
Data validation
What makes programmes robust and secure?
When you're writing programmes, it's not enough to just make sure they work on your own computer with the data you expect. Real programmes need to handle all sorts of unexpected situations and users.
A robust programme is one that keeps working properly even when things don't go as planned - like when users enter weird data or the programme runs on different hardware. Think of it as a programme that can "roll with the punches."
A secure programme goes one step further by making sure only the right people can use it. Security is especially important because attackers often try to break programmes by deliberately entering bad data to find weaknesses.
Why does this matter? In the real world, your programmes will face unexpected situations daily. Users might accidentally type the wrong thing, hardware might behave differently, or malicious users might try to exploit weaknesses. Building robustness and security from the start saves countless hours of debugging and potential security breaches later.
Understanding data validation
Data validation is like having a bouncer at the door of your programme - it checks that incoming data meets certain rules before letting it through. This is crucial for making programmes robust because users don't always enter what you expect them to.
For example, imagine you ask someone to enter a number between 1 and 10. What happens if they:
Common unexpected inputs:
- Enter 150 or -5?
- Type "ten pounds" instead of a number?
- Enter nothing at all?
- Include a £ symbol with their number?
A well-designed programme needs to handle all these scenarios gracefully instead of crashing or producing nonsensical results.
Common validation problems - a banking example
Let's look at a simple banking programme that lets users withdraw money:
balance ← 100
withdraw ← USERINPUT
balance ← balance - withdraw
OUTPUT 'your balance is now' + balance
This basic programme has several serious problems that demonstrate why validation is essential:
Critical Security Flaws:
- Users could withdraw more money than they have
- Users could withdraw negative amounts (essentially adding money!)
- Users could enter text instead of numbers, causing the programme to crash
- Users could enter amounts with £ symbols, breaking the calculation
These issues show why validation is essential for robust programming.
Types of data validation
There are three main types of validation that every programmer should understand:
Range validation
This checks that numbers fall within acceptable limits. Range validation ensures values stay within sensible boundaries.
Worked Example: Range Validation
Ensuring a number is between 1 and 100:
OUTPUT 'Enter a number'
num ← USERINPUT
IF num ≥ 1 AND num ≤ 100 THEN
valid ← True
ELSE
valid ← False
ENDIF
Length validation
Length validation ensures text has the right number of characters, preventing overly short or long inputs.
Worked Example: Length Validation
Checking that input has at least 8 characters:
OUTPUT 'Enter some text'
text ← USERINPUT
IF LEN(text) ≥ 8 THEN
valid ← True
ELSE
valid ← False
ENDIF
Presence check
Presence checks stop users from leaving important fields empty, ensuring essential data is provided.
Worked Example: Presence Check
Preventing empty input:
OUTPUT 'Enter some text'
text ← USERINPUT
IF text ← "" THEN
valid ← False
ELSE
valid ← True
ENDIF
Improved banking example with validation
Here's how we can transform our vulnerable banking programme into a robust, validated system:
Worked Example: Complete Banking Validation
balance ← 100
withdraw ← 0
WHILE (withdraw ≤ 0) OR (withdraw > balance)
OUTPUT 'Enter amount to withdraw in £'
withdraw ← USERINPUT
IF withdraw < 0 THEN
OUTPUT 'You must withdraw a positive amount'
ELSE IF withdraw > balance THEN
OUTPUT 'You cannot withdraw more than your balance'
ENDIF
ENDWHILE
balance ← balance - withdraw
OUTPUT 'Your balance is now'
OUTPUT balance
Key Improvements:
- Uses a loop to keep asking until valid input is received
- Prevents negative withdrawals
- Prevents overdrafts
- Gives helpful error messages to guide the user
However, it still doesn't handle non-numeric input or amounts with £ symbols - showing that even with validation, there's often more work to do for complete robustness.
Important limitations of validation
Critical Understanding: What Validation Can and Cannot Do
It's crucial to understand that validation can only check if data follows certain rules - it cannot check if data is actually correct.
For example, you could validate that a phone number contains only digits and starts with 0, and "123ABC" would be rejected as invalid. However, if someone entered a valid format like "07123456789" but it was actually their friend's number instead of their own, the validation would pass even though the data is wrong for that person.
This is why validation is about making data sensible and expected, not necessarily correct.
Exam tips for data validation
When tackling data validation questions in exams, keep these strategies in mind:
Exam Success Strategies:
- Always explain what type of validation you're using (range, length, presence)
- Give specific examples of invalid data that would be caught
- Remember that validation prevents crashes and unexpected behaviour
- Consider using loops with validation to keep asking until valid input is received
- Don't forget that validation has limitations - it can't guarantee data accuracy
Key Points to Remember:
- Robust programmes handle unexpected situations gracefully without crashing
- Secure programmes only allow authorised users access
- Data validation checks input against rules to ensure it's sensible and expected
- Three main types: range validation (within limits), length validation (right number of characters), and presence checks (not empty)
- Validation prevents crashes but cannot guarantee data is actually correct - only that it follows the rules
- Always use loops with validation to keep asking until users provide acceptable input