Validimi i të Dhënave Hyrëse

Fillestar 11 min Siguria e Aplikacioneve Web

Hyrje

Input validation is the practice of rejecting data that does not match the expected format before it reaches the business logic.

Teoria

Good validation is strict and allow-list based: define exactly what is acceptable for each field — length, character set, format, range — and reject anything else. For example, a Kosovo phone number field should accept only the pattern ^\+3834[3-9][0-9]{6}$, not "any string up to 20 chars". Client-side validation is for UX only; it is trivially bypassed with curl or Burp, so every check must be duplicated on the server. Where possible, parse instead of validate. If you expect an integer, call intval() or equivalent and reject anything that fails. If you expect a date, parse it with a date library. Parsing forces the value into a known type and eliminates whole classes of injection attacks that target string concatenation. Validation is not a substitute for output encoding and prepared statements — a validated string is still not safe to concatenate into SQL or HTML. Think of validation as the first layer that reduces attack surface, and encoding / parameterization as the final layer that prevents injection in the target context.

Mjetet

Mjete validimi:

  • filter_var() në PHP, Respect\Validation.
  • Joi, Zod, Yup — në Node.js/TS.
  • Pydantic në Python.
  • JSON Schema për API-t REST.

Praktika

Validim allow-list në server (jo në klient!):

if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    http_response_code(400); exit;
}
if (!preg_match('/^[a-zA-Z0-9_\-]{3,20}$/', $username)) { /* refuzo */ }
$age = filter_var($_POST['age'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 13, 'max_range' => 120]]);

Ushtrime

  1. Shkruaj validim për një formular regjistrimi: email, fjalëkalim i fortë, moshë 13+, vend nga një listë e mbyllur.
  2. Trego pse validimi vetëm në JavaScript nuk është i mjaftueshëm.

Burime

Vlerësimet dhe komentet

Kyçu për të lënë një vlerësim.

Ende pa komente. Bëhu i pari!

Diskutime

Ende pa diskutime. Hap një temë të re