Validation is the process of checking that data entered into a system is correct, complete and in the expected shape before the system accepts it. It is the difference between blindly trusting whatever a user types and confirming, for example, that a phone number contains only digits and a required field is not empty. Done well, it stops bad data at the door.

A useful comparison is a bouncer at an event checking tickets and ID. Anyone can walk up, but only the people whose details match get in. A signup form does the same: it confirms the email looks like an email, the password is long enough, and the date of birth is a real date. When something fails the check, good error handling shows a clear message so the end user can fix it rather than hitting a wall.

Validation is not the same as type safety. Type safety checks the code against itself as it is written; validation checks real data while the program runs. It is also a frontline security measure, because a lot of attacks rely on a system trusting input it should have rejected. One thing to watch: validation must happen on the server, not only in the browser, since browser checks can be skipped. It sits close to authentication but answers a different question. Authentication asks who you are; validation asks whether what you sent is well-formed and safe to use. Both have to hold for a system to be trustworthy.

At TopDevs we validate input on both the screen and the server, so a client’s data stays clean and their system stays safe from the kind of input that should never have made it in.