English subtitles

Validation - Web Development

Showing Revision 11 created 05/25/2016 by Udacity Robot.

  1. Okay--onto a new concept: this is the concept of Validation.
  2. Validation basically means
  3. verifying, on the Server side, that what we received
  4. is what we expected to receive.
  5. So we have you, and we have our Servers--
  6. and you're submitting to our form certain values.
  7. Let's say you're sending the "q" parameter.
  8. It's a checkbox that we've put on our form
  9. and its value equals "on".
  10. And the Server receives that and knows what to do if "q" equals "on",
  11. and it knows what to do if "q" is not present--
  12. you know--that means the checkbox wasn't checked.
  13. But what if there's a bad guy
  14. and he's wearing a hat, and he submits to our Server
  15. the "q" parameter--but instead of equaling "on" or not being present,
  16. he submits the word, "broken"?
  17. Now, depending on how our Server is programmed--
  18. you know--it can just say
  19. oh, well I don't know what "broken" means
  20. so I'm just going to assume it's unchecked,
  21. which is probably the smart thing to do.
  22. And that's great.
  23. The point I'm trying to make, however,
  24. is that just because we have a form with a checkbox on it
  25. that limits what a user can send us--through the form--
  26. it doesn't mean that somebody can't send, directly to our Server,
  27. parameters with arbitrary junk in them.
  28. And it's up to our Server to make sure that we handle it safely.
  29. Always remember that your Server can receive junk
  30. and it needs to be smart enough
  31. to deal with somebody sending completely broken data.
  32. And it doesn't necessarily have to be the string, "broken", right?
  33. This could be a megabyte of trash,
  34. and you don't want to just blindly do something with it.
  35. So make sure you're always validating your parameters,
  36. and that's what we're going to talk about now.