It is always recommended to prevent attacks as early as possible in the processing of the user’s (attacker's) request.
Input validation can be used to detect unauthorized input before it is processed by the application.
Therefore, data validation should start with the definition of the business process and the set of business rules that apply within it.
Rules can be collected through the requirements capture exercise.
The World Wide Web offers information and data from all over the world.
Because so much information is available, and because that information can appear to be fairly “anonymous”, it is necessary to develop skills to evaluate what you find.
Data validation uses routines, often called "validation rules", "validation constraints" or "check routines", that check the correctness, meaningfulness, and security of data that are input to the system.
Input validation is performed to ensure that only properly formed data enters the workflow of an information system, preventing malformed data from persisting in the database and triggering malfunctions in downstream components.
Input validation should happen as early as possible in the data flow, preferably as soon as the data is received from the external party.
The rules may be implemented through the automated facilities of a data dictionary, or by the inclusion of explicit application program validation logic.
Data validation is intended to provide certain well-defined guarantees of fitness, accuracy, and consistency for any of various kinds of user input into an application or automated system.
Input validation should be applied at both the syntactic and the semantic level.
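The two levels can be seen side by side in the following added example, which is not part of the original text: a validator for a constructed booking request that first checks syntax (field set, types, allowlisted characters, date format) and then checks the business rules on the parsed values. The field names, the patterns and the `MAX_NIGHTS` limit are hypothetical.

```python
import re
from datetime import date

# Hypothetical business rules for a constructed booking request.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,15}")  # allowlist of characters
DATE_RE = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}")
FIELDS = {"username", "start", "end"}
MAX_NIGHTS = 30
# Constructed sample: well-formed syntax, but the dates break a business rule.
SAMPLE = {"username": "alice_01", "start": "2030-05-10", "end": "2030-05-08"}

class ValidationError(ValueError):
    """Raised when input breaks a syntactic or semantic rule."""

def validate_booking(raw, today):
    """Return a typed booking dict, or raise ValidationError."""
    # Syntactic level: exact field set, types, and shape of each value.
    if not isinstance(raw, dict) or set(raw) != FIELDS:
        raise ValidationError("syntax: unexpected or missing fields")
    if not all(isinstance(v, str) for v in raw.values()):
        raise ValidationError("syntax: every field must be a string")
    if not USERNAME_RE.fullmatch(raw["username"]):
        raise ValidationError("syntax: username")
    if not (DATE_RE.fullmatch(raw["start"]) and DATE_RE.fullmatch(raw["end"])):
        raise ValidationError("syntax: date must be YYYY-MM-DD")
    try:
        start = date.fromisoformat(raw["start"])
        end = date.fromisoformat(raw["end"])
    except ValueError:
        raise ValidationError("syntax: not a calendar date") from None
    # Semantic level: well-formed values must also satisfy the business rules.
    if start < today:
        raise ValidationError("semantic: start date is in the past")
    if end <= start:
        raise ValidationError("semantic: end must be after start")
    if (end - start).days > MAX_NIGHTS:
        raise ValidationError("semantic: stay exceeds MAX_NIGHTS")
    return {"username": raw["username"], "start": start, "end": end}

def rejection_reason(raw, today):
    """Return None if the request is accepted, else the reason it was rejected."""
    try:
        validate_booking(raw, today)
        return None
    except ValidationError as exc:
        return str(exc)
```

Calling `validate_booking` at the point where the request is received means later code only ever handles typed `date` values and an allowlisted username, never the raw strings.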