How much is too much?

Input validation has long been a highly debated field. No one disputes some sort of validation is appropriate, but the question how much is subject of great debate. And more: server-side only enough, or are modern websites expected to have client-side too? Google “email validation,” or more specifically, “php email validation” and you’ll find hundreds of scripts all of which go about it different ways.

Programmers have spent years of man-hours working on the same sets of problems when it comes to validation. Username, password, email address, name, phone number, and so on. These fields are common in thousands of registration pages. Most have different ways of handling it. I will admit I’ve reinvented the wheel a few times. Perhaps this is because there is no definitive set of functions cross-language cross-platform that we’ve all agreed upon as the way to validate. (more…)