SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Member
    Join Date
    Sep 2013
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Best Practice to test input validation

    Dear Sitepoint fellows,

    I wonder if anyone likes to share his knowledge about best practices concerning the testing of an implemented input validation.

    Some of you surely know of the uncertainty: Is that input validation really working to 100 percent?

    Let's say I want to validate that a user input has a certain format. (I obviously use a regular expression for that.) As test case I try out several strings including randomly generated ones and see if they break the validation. If that happens I optimize my regular expression and start the tests over again. This iterative process doesn't bother me, but...

    My concern is: How can I make sure that I tested every sequence of the allowed characters? Or in general: How do I gather a complete set of test cases?

    Looking forward to your feedback
    ~ Thorsten

  2. #2
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,119
    Mentioned
    152 Post(s)
    Tagged
    0 Thread(s)
    First off, kudos to taking the initiative and time to do proper testing

    On all the projects I do, I try to test as many scenarios as I can, however, I realize I won't get them all when it comes to complicated regex or the like. So I go with what I feel is the most typical errors, a slew of random input, and a few edge cases that I could see others trying to enter. Beyond that, I just watch for issues, and when they arise, I add a test around those specific inputs.

    Over time, it becomes rock solid (to the point, looking into the issue and adding a test is more expensive than what it is worth -- at that point, you are in a good position).

    I think based on your description, you are set with what you have. You just need to release it, and monitor it.

  3. #3
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    17,140
    Mentioned
    190 Post(s)
    Tagged
    2 Thread(s)
    I always try to limit input as much as possible by "whitelist" (allows what is acceptable) rather than "blacklist" (excludes what is unacceptable).

    That is, use radio or checkbox buttons or select options wherever possible.
    For text inputs test that it contains only what you want instead of testing for what you don't want.

    As cpradio mentioned, for complex input it's nigh impossible to think of every possibilty and I agree that it has to be released and monitored at some point else it will never get released.

  4. #4
    SitePoint Member
    Join Date
    Sep 2013
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for your input, cpradio and Mittineague! Confirms me that the "iterative approach" is an acceptable solution.

    No need to worry about putting too much effort in testing my code. I'm doing this web development thing for a while now.

    Over time I was just getting curious if I could use additional, perhaps automated techniques to consolidate my input validation patterns. You have to admit, working on your validation until it "feels" right doesn't seem sophisticated. But if there are no further efficient solutions, I can live with that.

    If anybody else likes to share his experiences in testing input validation, go for it.


Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •