Data validation is your application's first line of defense. Invalid data causes bugs, security vulnerabilities, and corrupted databases. Robust validation catches problems early and provides clear feedback to users and developers.
Validation Principles
Validate at Boundaries
External input → Validation → Internal processing
Boundaries:
- API endpoints
- Form submissions
- File uploads
- Database reads (legacy data)
- Third-party API responses
- Environment variables
Fail Fast
Loading code block...
Schema Validation with Zod
Basic Schemas
Loading code block...
Complex Schemas
Loading code block...
Transformations
Loading code block...
Refinements
Loading code block...
API Validation
Express Middleware
Loading code block...
tRPC Integration
Loading code block...
Form Validation
React Hook Form + Zod
Loading code block...
Database Validation
Prisma Integration
Loading code block...
Database Constraints as Backup
Loading code block...
Environment Validation
At Startup
Loading code block...
Error Messages
User-Friendly Messages
Loading code block...
Error Formatting
Loading code block...
Sanitization
Input Sanitization
Loading code block...
Testing Validation
Loading code block...
Best Practices
1. Single Source of Truth
Loading code block...
2. Composition
Loading code block...
3. Graceful Degradation
Loading code block...
Conclusion
Validation is not optional—it's essential for security, reliability, and user experience. Use schema validation libraries like Zod for type-safe, composable validation that works across your entire stack.
Validate at every boundary, fail fast with clear errors, and test your validation logic thoroughly. The effort invested in robust validation pays dividends in prevented bugs and security issues.