Input Validation (OCR GCSE Computer Science): Revision Notes
Input Validation
Input validation is the process of ensuring that the data entered into a system is sensible, reasonable, and meets certain predefined criteria. This helps prevent errors and protects against malicious data that could harm the system or cause it to behave unexpectedly.
Input Validation vs Input Sanitisation
| Input Validation | Input Sanitisation |
|---|---|
| Ensures the data is sensible and meets specific criteria but doesn't check for accuracy. | Cleans data to remove any unwanted or harmful characters before it is processed. |
| Checks things like length, format, and range. | May remove or escape harmful characters, spaces, or symbols from user input to prevent attacks like SQL injection. |
| For example, checks if a password is at least 8 characters long. | For example, removes special symbols from a text field to prevent malicious code entry. |
Types of Validation Checks
| Validation Check | Description | Example |
|---|---|---|
| Check digit | The last digit(s) in a number are used to verify that the other digits are correct. | Bar code readers use check digits to verify product codes. |
| Format check | Ensures data follows a specific format. | For example, a date must follow the format DD/MM/YYYY. |
| Length check | Checks that the input data is of the correct length. | A password must be exactly 8 characters long. |
| Lookup table | Checks that data matches one of the valid values from a predefined list. | For example, gender could be limited to options in a dropdown menu. |
| Presence check | Ensures that data is entered into a required field. | A form field for "Name" must not be left empty. |
| Range check | Ensures that a value falls within a specified range. | A person's age must be between 0 and 120. |
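
The checks in the table above, written as small Python functions (an added example, not part of the original notes). The function names, the list of titles and the record layout are assumptions made for illustration, and EAN-13 is assumed as the barcode scheme for the check digit.

```python
import re
from datetime import datetime

ALLOWED_TITLES = {"Mr", "Mrs", "Ms", "Dr"}  # constructed lookup table

def presence_check(value):
    return value.strip() != ""  # whitespace-only counts as empty

def length_check(value, minimum, maximum):
    return minimum <= len(value) <= maximum

def range_check(text, low, high):
    # Plain ASCII digits only, so "abc", "1_0" or "" fail without raising.
    if not re.fullmatch(r"-?[0-9]{1,9}", text):
        return False
    return low <= int(text) <= high

def format_check_date(text):
    # The pattern enforces the DD/MM/YYYY layout; strptime then rejects
    # impossible dates such as 31/02/2024 that the pattern alone accepts.
    if not re.fullmatch(r"[0-9]{2}/[0-9]{2}/[0-9]{4}", text):
        return False
    try:
        datetime.strptime(text, "%d/%m/%Y")
        return True
    except ValueError:
        return False

def lookup_check(value, allowed):
    return value in allowed

def check_digit_ean13(code):
    # EAN-13 (assumed barcode scheme): weight the first 12 digits
    # 1,3,1,3,... and compare the result with the 13th digit.
    if not re.fullmatch(r"[0-9]{13}", code):
        return False
    total = sum(int(d) * (3 if i % 2 else 1) for i, d in enumerate(code[:12]))
    return (10 - total % 10) % 10 == int(code[12])

def validate_record(record):
    # Returns the names of the fields that fail (constructed form layout).
    checks = {
        "name": presence_check(record["name"]) and length_check(record["name"], 1, 50),
        "title": lookup_check(record["title"], ALLOWED_TITLES),
        "age": range_check(record["age"], 0, 120),
        "dob": format_check_date(record["dob"]),
        "barcode": check_digit_ean13(record["barcode"]),
    }
    return [field for field, ok in checks.items() if not ok]
```

Each function returns `True` or `False`, so the caller decides how to report the failure; `validate_record` lists every failing field rather than stopping at the first one.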
Designing Input Validation in Practice
When designing a system that requires input validation, it's important to implement several checks to ensure that users cannot enter invalid or harmful data. For example:
Username Validation
- Use a length check to ensure the username is not too short or long.
- Use a format check to ensure only valid characters (letters and numbers) are used.
Example in Python:
```python
username = input("Enter username: ")

# Length check: 5 to 15 characters
if len(username) < 5 or len(username) > 15:
    print("Username must be between 5 and 15 characters.")
# Format check: letters and numbers only
elif not username.isalnum():
    print("Username can only contain letters and numbers.")
```
Password Validation
- Use a length check to ensure the password is at least 8 characters long.
- Use a format check to require a mix of upper and lowercase letters, numbers, and special characters.
Example in Python:
```python
password = input("Enter password: ")

# Length check: at least 8 characters
if len(password) < 8:
    print("Password must be at least 8 characters.")
# Format checks: at least one digit and one uppercase letter
elif not any(char.isdigit() for char in password):
    print("Password must contain at least one number.")
elif not any(char.isupper() for char in password):
    print("Password must contain at least one uppercase letter.")
```
Simple Authentication System (Username and Password)
A simple authentication system can be created by combining input validation for both the username and password fields. This system verifies that the user input matches predefined valid credentials.
Example of Simple Authentication in Python
```python
# Predefined username and password
correct_username = "user123"
correct_password = "Password123!"

# Ask for input from the user
username = input("Enter username: ")
password = input("Enter password: ")

# Validate username and password
if username == correct_username and password == correct_password:
    print("Access Granted")
else:
    print("Invalid username or password")
```
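In this example, the program validates the input by checking whether the entered username and password match the predefined values. Access is granted only if both are correct. The same message is shown whichever field is wrong, so the response does not reveal which of the two was incorrect.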
Key Points to Remember
- Input validation helps ensure data is sensible, meets criteria, and prevents errors or security issues.
- Types of validation checks include presence, length, format, range, and lookup checks.
- Designing validation for simple authentication involves checking the username and password for format, length, and validity before granting access.