Validating Data

Validating data means making sure it is good before saving it, or even before allowing it to be entered.

💎 The best data validation strategy is to create filters that allow good data, not filters that block bad data. For example, instead of saying passwords cannot have the punctuation characters [@#%&^*()${}:"<>|], you say passwords are allowed to have only letters, numbers, and the underscore [a-zA-Z0-9_]. Notice how many punctuation characters I missed in the first, disallow-based approach. It’s always safer to mistakenly block something than to accidentally allow it because you forgot to block it.
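
The two approaches side by side, as an added example in Python that is not part of the original page: it applies the denylist and the allowlist from the paragraph above to constructed sample inputs and lists what the denylist lets through. The function names and sample values are assumptions made for illustration.

```python
import re

# Denylist: the exact punctuation set from the text above.
DENIED = set('@#%&^*()${}:"<>|')

# Allowlist: ASCII letters, digits, underscore. fullmatch() anchors both ends,
# so a trailing newline cannot slip past the way it can with '^...$'.
ALLOWED = re.compile(r"[A-Za-z0-9_]+")


def denylist_ok(value: str) -> bool:
    """Accept anything that contains none of the denied characters."""
    return not any(ch in DENIED for ch in value)


def allowlist_ok(value: str) -> bool:
    """Accept only values made up entirely of allowed characters."""
    return ALLOWED.fullmatch(value) is not None


def missed_by_denylist(samples):
    """Return the samples the denylist accepts but the allowlist rejects."""
    return [s for s in samples if denylist_ok(s) and not allowlist_ok(s)]


# Constructed sample inputs (not from the original page).
SAMPLES = [
    "correct_horse_42",   # plain: both filters accept
    "pa$$word",           # '$' is on the denylist: both filters reject
    "semi;colon",         # ';' was never put on the denylist
    "back\\slash",        # '\' was never put on the denylist
    "it's",               # single quote was never put on the denylist
    "tab\there",          # control character
    "trailing\n",         # newline at the end
    "caf\u00e9",          # non-ASCII letter, outside the ASCII class
    "",                   # empty string contains no denied character
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:22} denylist={denylist_ok(s)!s:5} allowlist={allowlist_ok(s)}")
    print("missed by denylist:", missed_by_denylist(SAMPLES))
```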

By the way, fancy characters do very little to improve your password strength. An easy-to-read small phrase of 70 characters is far safer than 8 fancy characters. Believing otherwise is one of the greatest fallacies brought on by trusting bad human intuition.