Data validation is your application's first line of defense. Invalid data causes bugs, security vulnerabilities, and corrupted databases. Robust validation catches problems early and provides clear feedback to users and developers.
Validation Principles#
Validate at Boundaries#
External input → Validation → Internal processing
Boundaries:
- API endpoints
- Form submissions
- File uploads
- Database reads (legacy data)
- Third-party API responses
- Environment variables
Fail Fast#
Loading code block...
Schema Validation with Zod#
Basic Schemas#
Loading code block...
Complex Schemas#
Loading code block...
Transformations#
Loading code block...
Refinements#
Loading code block...
API Validation#
Express Middleware#
Loading code block...
tRPC Integration#
Loading code block...
Form Validation#
React Hook Form + Zod#
Loading code block...
Database Validation#
Prisma Integration#
Loading code block...
Database Constraints as Backup#
Loading code block...
Environment Validation#
At Startup#
Loading code block...
Error Messages#
User-Friendly Messages#
Loading code block...
Error Formatting#
Loading code block...
Sanitization#
Input Sanitization#
Loading code block...
Testing Validation#
Loading code block...
Best Practices#
1. Single Source of Truth#
Loading code block...
2. Composition#
Loading code block...
3. Graceful Degradation#
Loading code block...
Conclusion#
Validation is not optional—it's essential for security, reliability, and user experience. Use schema validation libraries like Zod for type-safe, composable validation that works across your entire stack.
Validate at every boundary, fail fast with clear errors, and test your validation logic thoroughly. The effort invested in robust validation pays dividends in prevented bugs and security issues.