Bird
Raised Fist0
Expressframework~5 mins

express-validator setup

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Introduction

express-validator helps check and clean user input in Express apps. It keeps your app safe and error-free.

When you want to check if a user typed a valid email in a signup form.
When you need to make sure a password is strong enough before saving it.
When you want to confirm required fields are not empty in a form submission.
When you want to give clear error messages if user input is wrong.
When you want to avoid bad data causing bugs or security issues.
Syntax
Express
import { body, validationResult } from 'express-validator';

app.post('/route', [
  body('fieldName').validationMethod(),
  // more validations
], (req, res) => {
  const errors = validationResult(req);
  if (!errors.isEmpty()) {
    return res.status(400).json({ errors: errors.array() });
  }
  // proceed if no errors
});

Use body() to check data sent in the request body.

validationResult(req) collects errors after validations run.

Examples
Checks if the 'email' field contains a valid email address.
Express
body('email').isEmail()
Ensures the 'password' field is at least 6 characters long.
Express
body('password').isLength({ min: 6 })
Checks that the 'username' field is not empty.
Express
body('username').notEmpty()
Sample Program

This Express app sets up a POST route '/register' that checks user input for email, password, and username. If input is invalid, it sends back error details. If all is good, it confirms registration.

Express
import express from 'express';
import { body, validationResult } from 'express-validator';

const app = express();
app.use(express.json());

app.post('/register', [
  body('email').isEmail().withMessage('Enter a valid email'),
  body('password').isLength({ min: 6 }).withMessage('Password must be 6+ chars'),
  body('username').notEmpty().withMessage('Username is required')
], (req, res) => {
  const errors = validationResult(req);
  if (!errors.isEmpty()) {
    return res.status(400).json({ errors: errors.array() });
  }
  res.send('User registered successfully');
});

app.listen(3000, () => console.log('Server running on port 3000'));
OutputSuccess
Important Notes

Always call validationResult(req) inside your route handler to get validation errors.

You can chain withMessage() to customize error messages for each check.

express-validator works well with Express JSON middleware to parse request bodies.

Summary

express-validator helps check and clean user input in Express apps.

Use body() and other validators to define rules for input fields.

Check errors with validationResult(req) and respond accordingly.

Practice

(1/5)
1. What is the main purpose of using express-validator in an Express app?
easy
A. To handle server errors automatically
B. To create database connections
C. To serve static files
D. To check and clean user input data

Solution

  1. Step 1: Understand express-validator's role

    express-validator is a tool used to validate and sanitize user input in Express applications.

  2. Step 2: Compare options with express-validator's purpose

    Only 'To check and clean user input data' matches this purpose. Options A, B, and C relate to other Express features.

  3. Final Answer:

    To check and clean user input data -> Option D

  4. Quick Check:

    express-validator = input validation [OK]
Hint: express-validator is for input checks, not server or DB tasks [OK]
Common Mistakes:
  • Confusing express-validator with database tools
  • Thinking it handles static files or errors automatically
2. Which of the following is the correct way to import the body validator from express-validator?
easy
A. const { body } = require('express-validator');
B. import { body } from 'express-validator';
C. import body from 'express-validator';
D. const body = require('express-validator').body();

Solution

  1. Step 1: Identify modern import syntax for express-validator

    express-validator exports named functions like body, so use named import syntax.

  2. Step 2: Choose correct ES module import

    import { body } from 'express-validator'; uses import { body } from 'express-validator'; which is correct for ES modules.

  3. Final Answer:

    import { body } from 'express-validator'; -> Option B

  4. Quick Check:

    Named import syntax = import { body } from 'express-validator'; [OK]
Hint: Use named imports with curly braces for express-validator [OK]
Common Mistakes:
  • Using default import instead of named import
  • Calling body() during import
  • Using require without destructuring
3. Given this Express route setup using express-validator, what will be the response if the email field is missing in the request body? 
import { body, validationResult } from 'express-validator';

app.post('/signup', [
  body('email').isEmail(),
  body('password').isLength({ min: 6 })
], (req, res) => {
  const errors = validationResult(req);
  if (!errors.isEmpty()) {
    return res.status(400).json({ errors: errors.array() });
  }
  res.send('Signup successful');
});
medium
A. Status 400 with error about missing or invalid email
B. Status 200 with message 'Signup successful'
C. Status 500 server error
D. Status 400 with error about password length only

Solution

  1. Step 1: Understand validation rules

    The route requires 'email' to be a valid email and 'password' to be at least 6 characters.

  2. Step 2: Analyze missing email field effect

    Missing 'email' fails isEmail() check, so validationResult(req) will contain errors.

  3. Step 3: Check response on validation failure

    The code returns status 400 with error details if errors exist.

  4. Final Answer:

    Status 400 with error about missing or invalid email -> Option A

  5. Quick Check:

    Missing email triggers validation error = Status 400 with error about missing or invalid email [OK]
Hint: Missing required field triggers 400 error with validation message [OK]
Common Mistakes:
  • Assuming success response despite missing fields
  • Confusing status codes for validation errors
  • Ignoring validationResult check
4. Identify the error in this express-validator setup: 
import { body, validationResult } from 'express-validator';

app.post('/login', (req, res) => {
  body('username').notEmpty();
  body('password').isLength({ min: 8 });

  const errors = validationResult(req);
  if (!errors.isEmpty()) {
    return res.status(422).json({ errors: errors.array() });
  }
  res.send('Login successful');
});
medium
A. Validators are not used as middleware before the route handler
B. validationResult is called incorrectly
C. Missing import of express
D. Response status code 422 is invalid

Solution

  1. Step 1: Check how validators are applied

    Validators like body('username').notEmpty() must be middleware before the route handler, not called inside it.

  2. Step 2: Identify correct middleware usage

    Validators should be passed as an array before the handler function in app.post.

  3. Final Answer:

    Validators are not used as middleware before the route handler -> Option A

  4. Quick Check:

    Validators must be middleware, not called inside handler [OK]
Hint: Validators go before handler as middleware, not inside it [OK]
Common Mistakes:
  • Calling validators inside route handler function
  • Ignoring middleware order
  • Assuming validationResult usage is wrong
5. You want to validate a user registration form with fields: email, password, and age. The rules are: email must be valid, password at least 8 characters, and age must be an integer between 18 and 99. Which express-validator setup correctly applies these rules and handles errors?
hard
A. app.post('/register', [ body('email').isEmail(), body('password').isLength({ min: 8 }), body('age').isInt({ min: 18, max: 99 }) ], (req, res) => { res.send('Registration complete'); });
B. app.post('/register', (req, res) => { body('email').isEmail(); body('password').isLength({ min: 8 }); body('age').isInt({ min: 18, max: 99 }); const errors = validationResult(req); if (!errors.isEmpty()) { return res.status(400).json({ errors: errors.array() }); } res.send('Registration complete'); });
C. app.post('/register', [ body('email').isEmail(), body('password').isLength({ min: 8 }), body('age').isInt({ min: 18, max: 99 }) ], (req, res) => { const errors = validationResult(req); if (!errors.isEmpty()) { return res.status(400).json({ errors: errors.array() }); } res.send('Registration complete'); });
D. app.post('/register', [ body('email').isEmail(), body('password').isLength({ min: 8 }), body('age').isInt({ min: 18, max: 99 }) ], (req, res) => { const errors = validationResult(req); if (errors.isEmpty()) { return res.status(400).json({ errors: errors.array() }); } res.send('Registration complete'); });

Solution

  1. Step 1: Check middleware usage for validators

    Validators must be passed as middleware array before the route handler, as in three of the choices.

  2. Step 2: Verify error handling logic

    app.post('/register', [ body('email').isEmail(), body('password').isLength({ min: 8 }), body('age').isInt({ min: 18, max: 99 }) ], (req, res) => { const errors = validationResult(req); if (!errors.isEmpty()) { return res.status(400).json({ errors: errors.array() }); } res.send('Registration complete'); }); correctly checks !errors.isEmpty() to detect errors and respond with status 400. app.post('/register', [ body('email').isEmail(), body('password').isLength({ min: 8 }), body('age').isInt({ min: 18, max: 99 }) ], (req, res) => { res.send('Registration complete'); }); skips error checking. app.post('/register', [ body('email').isEmail(), body('password').isLength({ min: 8 }), body('age').isInt({ min: 18, max: 99 }) ], (req, res) => { const errors = validationResult(req); if (errors.isEmpty()) { return res.status(400).json({ errors: errors.array() }); } res.send('Registration complete'); }); reverses the condition incorrectly. app.post('/register', (req, res) => { body('email').isEmail(); body('password').isLength({ min: 8 }); body('age').isInt({ min: 18, max: 99 }); const errors = validationResult(req); if (!errors.isEmpty()) { return res.status(400).json({ errors: errors.array() }); } res.send('Registration complete'); }); calls validators inside handler, which is wrong.

  3. Final Answer:

    The setup with validators as middleware array and correct !errors.isEmpty() check -> Option C

  4. Quick Check:

    Middleware validators + correct error check = app.post('/register', [ body('email').isEmail(), body('password').isLength({ min: 8 }), body('age').isInt({ min: 18, max: 99 }) ], (req, res) => { const errors = validationResult(req); if (!errors.isEmpty()) { return res.status(400).json({ errors: errors.array() }); } res.send('Registration complete'); }); [OK]
Hint: Use middleware array and check !errors.isEmpty() for validation [OK]
Common Mistakes:
  • Calling validators inside route handler
  • Skipping validationResult error check
  • Reversing error condition logic