Bird
Raised Fist0
Expressframework~20 mins

Manual validation patterns in Express - Practice Problems & Coding Challenges

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Challenge - 5 Problems
🎖️
Manual Validation Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
component_behavior
intermediate
2:00remaining
What is the response when missing required field in manual validation?
Consider this Express route that manually validates a JSON body for a required username field. What will the server respond if the client sends an empty JSON object {}?
Express
app.post('/register', (req, res) => {
  const { username } = req.body;
  if (!username) {
    return res.status(400).json({ error: 'Username is required' });
  }
  res.status(200).json({ message: `Welcome, ${username}!` });
});
AStatus 200 with JSON { message: 'Welcome, undefined!' }
BStatus 400 with JSON { error: 'Username is required' }
CStatus 500 with server error message
DStatus 404 with empty response
Attempts:
2 left
💡 Hint
Check the condition that tests if username exists before sending success response.
📝 Syntax
intermediate
2:00remaining
Identify the syntax error in this manual validation middleware
This Express middleware is intended to check if email exists in the request body. Which option correctly identifies the syntax error?
Express
function validateEmail(req, res, next) {
  if (!req.body.email) {
    res.status(400).json({ error: 'Email required' });
  } else {
    next();
  }
}
AMissing semicolon after res.status(400).json(...) causes syntax error
BIncorrect use of arrow function syntax
CMissing return statement after sending response causes next() to run anyway
DNo syntax error; code is valid
Attempts:
2 left
💡 Hint
Think about what happens after sending a response without return.
state_output
advanced
2:00remaining
What is the output when validating multiple fields manually?
Given this Express route that manually validates username and password, what JSON response will the client receive if username is provided but password is missing?
Express
app.post('/login', (req, res) => {
  const { username, password } = req.body;
  if (!username) {
    return res.status(400).json({ error: 'Username required' });
  }
  if (!password) {
    return res.status(400).json({ error: 'Password required' });
  }
  res.status(200).json({ message: `User ${username} logged in` });
});
A{ error: 'Password required' } with status 400
B{ error: 'Username required' } with status 400
C{ message: 'User undefined logged in' } with status 200
D{ message: 'User username logged in' } with status 200
Attempts:
2 left
💡 Hint
Check the order of validation checks and which field is missing.
🔧 Debug
advanced
2:00remaining
Why does this manual validation middleware allow invalid emails?
This middleware is supposed to reject requests with invalid email format. Why does it fail to do so?
Express
function checkEmailFormat(req, res, next) {
  const email = req.body.email;
  if (!email || email.indexOf('@') === -1) {
    res.status(400).json({ error: 'Invalid email' });
  } else {
    next();
  }
}
Aemail is undefined when body is empty, causing runtime error
BindexOf('@') returns -1 for valid emails, so condition is wrong
CMiddleware is not attached to any route, so never runs
DMissing return after res.status(400)... causes next() to run even on invalid email
Attempts:
2 left
💡 Hint
What happens after sending a response without stopping execution?
🧠 Conceptual
expert
3:00remaining
Which manual validation pattern best prevents multiple responses in Express?
In manual validation, what is the best pattern to ensure the server sends only one response and does not call next() after sending an error?
AAlways use 'return' before sending a response to stop further code execution
BCall next() immediately after sending a response to continue middleware chain
CUse try-catch blocks around validation and call next() in finally block
DSend multiple responses but handle errors on client side
Attempts:
2 left
💡 Hint
Think about how JavaScript functions stop running after return.

Practice

(1/5)
1. What is the main purpose of manual validation in Express route handlers?
easy
A. To check user input step-by-step and catch bad data early
B. To automatically generate database schemas
C. To speed up server response time by skipping checks
D. To style the user interface dynamically

Solution

  1. Step 1: Understand manual validation role

    Manual validation means checking user input carefully in your code before using it.

  2. Step 2: Identify the main goal

    The goal is to catch bad or incorrect data early to keep the app safe and user-friendly.

  3. Final Answer:

    To check user input step-by-step and catch bad data early -> Option A

  4. Quick Check:

    Manual validation = catch bad data early [OK]
Hint: Manual validation means checking input carefully yourself [OK]
Common Mistakes:
  • Thinking validation auto-generates database code
  • Believing validation speeds up server by skipping checks
  • Confusing validation with UI styling
2. Which of the following is the correct way to manually validate that a request body has a non-empty 'username' field in Express?
easy
A. if (req.body.username === undefined) { next(); }
B. if (!req.body.username) { res.status(400).send('Username required'); }
C. if (req.body.username.length === 0) { res.sendStatus(200); }
D. if (req.body.username == null) { res.redirect('/'); }

Solution

  1. Step 1: Check for missing or empty username

    Using !req.body.username checks if username is missing or empty string.

  2. Step 2: Respond with error status and message

    Sending status 400 with message 'Username required' correctly informs client of bad input.

  3. Final Answer:

    if (!req.body.username) { res.status(400).send('Username required'); } -> Option B

  4. Quick Check:

    Check missing username and send 400 error [OK]
Hint: Use if (!field) to check missing or empty string [OK]
Common Mistakes:
  • Using next() instead of sending error response
  • Sending 200 OK on invalid input
  • Redirecting instead of responding with error
3. Consider this Express route snippet:
<pre>app.post('/submit', (req, res) => { if (typeof req.body.age !== 'number' || req.body.age < 18) { return res.status(400).send('Age must be 18 or older'); } res.send('Welcome!'); });
What will be the response if the client sends {"age": 16} in JSON body?
medium
A. Status 500 server error
B. Status 200 with message 'Welcome!'
C. Status 400 with message 'Age must be 18 or older'
D. No response, request hangs

Solution

  1. Step 1: Check age type and value

    The code checks if age is not a number or less than 18. Here age is 16, a number but less than 18.

  2. Step 2: Return 400 error with message

    Since age < 18, the code returns status 400 with message 'Age must be 18 or older'.

  3. Final Answer:

    Status 400 with message 'Age must be 18 or older' -> Option C

  4. Quick Check:

    Age 16 triggers 400 error [OK]
Hint: Check conditions carefully to predict response status [OK]
Common Mistakes:
  • Assuming 16 passes validation
  • Expecting 200 OK instead of error
  • Thinking server crashes on invalid input
4. Identify the bug in this manual validation code snippet:
app.post('/login', (req, res) => {
  if (req.body.password.length < 8) {
    res.status(400).send('Password too short');
  }
  res.send('Login successful');
});
medium
A. Missing return after sending error response causes double response
B. Password length check should be > 8, not < 8
C. Should use req.query instead of req.body
D. res.send should be res.json for JSON response

Solution

  1. Step 1: Analyze error response flow

    The code sends error response if password is too short but does not stop execution.

  2. Step 2: Identify missing return causes double response

    Without return, the code continues and sends 'Login successful' response, causing error.

  3. Final Answer:

    Missing return after sending error response causes double response -> Option A

  4. Quick Check:

    Return after error response to stop execution [OK]
Hint: Always return after sending error response to avoid double send [OK]
Common Mistakes:
  • Thinking length check direction is wrong
  • Confusing req.body with req.query
  • Believing res.send must be res.json
5. You want to manually validate a user registration form in Express. The form requires 'email' (non-empty string), 'password' (min 8 chars), and 'age' (optional, but if present must be number >= 13). Which code snippet correctly implements this validation?
hard
A. if (!req.body.email || req.body.email.length === 0) { return res.status(400).send('Email required'); } if (req.body.password.length < 8) { return res.status(200).send('Password too short'); } if (req.body.age && typeof req.body.age !== 'string') { return res.status(400).send('Age must be a string'); } next();
B. if (!req.body.email) { res.send('Email missing'); } if (req.body.password.length <= 8) { res.send('Password invalid'); } if (req.body.age < 13) { res.send('Too young'); } next();
C. if (req.body.email === '') { return res.status(500).send('Email error'); } if (req.body.password.length > 8) { return res.status(400).send('Password too short'); } if (req.body.age && req.body.age < 13) { return res.status(400).send('Age error'); } next();
D. if (!req.body.email || typeof req.body.email !== 'string') { return res.status(400).send('Email required'); } if (!req.body.password || req.body.password.length < 8) { return res.status(400).send('Password too short'); } if (req.body.age !== undefined && (typeof req.body.age !== 'number' || req.body.age < 13)) { return res.status(400).send('Age must be 13 or older'); } next();

Solution

  1. Step 1: Validate email presence and type

    if (!req.body.email || typeof req.body.email !== 'string') checks for missing, empty, or non-string email and returns 400 error if invalid.

  2. Step 2: Validate password length correctly

    if (!req.body.password || req.body.password.length < 8) checks for missing or short password (<8 chars) and returns 400 error.

  3. Step 3: Validate optional age correctly

    if (req.body.age !== undefined && (typeof req.body.age !== 'number' || req.body.age < 13)) checks if age provided, then ensures it's a number >=13, returns 400 if invalid.

  4. Final Answer:

    if (!req.body.email || typeof req.body.email !== 'string') { return res.status(400).send('Email required'); } if (!req.body.password || req.body.password.length < 8) { return res.status(400).send('Password too short'); } if (req.body.age !== undefined && (typeof req.body.age !== 'number' || req.body.age < 13)) { return res.status(400).send('Age must be 13 or older'); } next(); -> Option D

  5. Quick Check:

    All fields validated with correct conditions and error codes [OK]
Hint: Check each field with proper type and conditions, return on error [OK]
Common Mistakes:
  • Not returning after sending error response
  • Using wrong status codes like 200 or 500 for validation errors
  • Checking wrong types or missing optional field checks