Bird
Raised Fist0
Expressframework~5 mins

Manual validation patterns in Express - Cheat Sheet & Quick Revision

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Recall & Review
beginner
What is manual validation in Express?
Manual validation means checking user input yourself in your code before using it. You write simple if-else checks to make sure data is correct and safe.
Click to reveal answer
beginner
Why use manual validation instead of automatic libraries?
Manual validation gives you full control and helps you understand exactly what checks happen. It is simple for small apps and teaches core concepts.
Click to reveal answer
beginner
Show a simple manual validation example for checking if a username exists and is a string.
if (!req.body.username || typeof req.body.username !== 'string') { res.status(400).send('Username is required and must be a string'); return; }
Click to reveal answer
beginner
What is a common pattern to handle validation errors manually in Express?
Check inputs early in the route handler. If invalid, send a 400 response with an error message and stop further processing.
Click to reveal answer
intermediate
How can manual validation improve security in Express apps?
By checking inputs carefully, you prevent bad or harmful data from reaching your app logic or database. This stops bugs and attacks like injection.
Click to reveal answer
What should you do first in manual validation in Express?
ACheck user input for required fields and types
BSend data to the database
CRender the response page
DIgnore errors and continue
If manual validation fails, what is the best response status code to send?
A400 Bad Request
B200 OK
C500 Internal Server Error
D302 Redirect
Which of these is NOT a good manual validation check?
ACheck if a field is the correct data type
BCheck if the server has enough memory
CCheck if a required field is missing
DCheck if a string is not empty
What happens if you skip manual validation in Express?
AUser input is always correct
BApp runs faster and safer
CApp may crash or behave unexpectedly
DDatabase automatically cleans input
Manual validation is best suited for:
AApps that only use databases
BHuge apps with complex rules only
CApps that never get user input
DSmall apps or learning purposes
Explain how to manually validate a user registration form in Express.
Think about checking each input before saving or responding.
You got /4 concepts.
    Describe the benefits and limitations of manual validation patterns in Express.
    Consider when manual validation is helpful and when it might be better to use libraries.
    You got /4 concepts.

      Practice

      (1/5)
      1. What is the main purpose of manual validation in Express route handlers?
      easy
      A. To check user input step-by-step and catch bad data early
      B. To automatically generate database schemas
      C. To speed up server response time by skipping checks
      D. To style the user interface dynamically

      Solution

      1. Step 1: Understand manual validation role

        Manual validation means checking user input carefully in your code before using it.

      2. Step 2: Identify the main goal

        The goal is to catch bad or incorrect data early to keep the app safe and user-friendly.

      3. Final Answer:

        To check user input step-by-step and catch bad data early -> Option A

      4. Quick Check:

        Manual validation = catch bad data early [OK]
      Hint: Manual validation means checking input carefully yourself [OK]
      Common Mistakes:
      • Thinking validation auto-generates database code
      • Believing validation speeds up server by skipping checks
      • Confusing validation with UI styling
      2. Which of the following is the correct way to manually validate that a request body has a non-empty 'username' field in Express?
      easy
      A. if (req.body.username === undefined) { next(); }
      B. if (!req.body.username) { res.status(400).send('Username required'); }
      C. if (req.body.username.length === 0) { res.sendStatus(200); }
      D. if (req.body.username == null) { res.redirect('/'); }

      Solution

      1. Step 1: Check for missing or empty username

        Using !req.body.username checks if username is missing or empty string.

      2. Step 2: Respond with error status and message

        Sending status 400 with message 'Username required' correctly informs client of bad input.

      3. Final Answer:

        if (!req.body.username) { res.status(400).send('Username required'); } -> Option B

      4. Quick Check:

        Check missing username and send 400 error [OK]
      Hint: Use if (!field) to check missing or empty string [OK]
      Common Mistakes:
      • Using next() instead of sending error response
      • Sending 200 OK on invalid input
      • Redirecting instead of responding with error
      3. Consider this Express route snippet:
      <pre>app.post('/submit', (req, res) => { if (typeof req.body.age !== 'number' || req.body.age < 18) { return res.status(400).send('Age must be 18 or older'); } res.send('Welcome!'); });
      What will be the response if the client sends {"age": 16} in JSON body?
      medium
      A. Status 500 server error
      B. Status 200 with message 'Welcome!'
      C. Status 400 with message 'Age must be 18 or older'
      D. No response, request hangs

      Solution

      1. Step 1: Check age type and value

        The code checks if age is not a number or less than 18. Here age is 16, a number but less than 18.

      2. Step 2: Return 400 error with message

        Since age < 18, the code returns status 400 with message 'Age must be 18 or older'.

      3. Final Answer:

        Status 400 with message 'Age must be 18 or older' -> Option C

      4. Quick Check:

        Age 16 triggers 400 error [OK]
      Hint: Check conditions carefully to predict response status [OK]
      Common Mistakes:
      • Assuming 16 passes validation
      • Expecting 200 OK instead of error
      • Thinking server crashes on invalid input
      4. Identify the bug in this manual validation code snippet:
      app.post('/login', (req, res) => {
  if (req.body.password.length < 8) {
    res.status(400).send('Password too short');
  }
  res.send('Login successful');
});
      medium
      A. Missing return after sending error response causes double response
      B. Password length check should be > 8, not < 8
      C. Should use req.query instead of req.body
      D. res.send should be res.json for JSON response

      Solution

      1. Step 1: Analyze error response flow

        The code sends error response if password is too short but does not stop execution.

      2. Step 2: Identify missing return causes double response

        Without return, the code continues and sends 'Login successful' response, causing error.

      3. Final Answer:

        Missing return after sending error response causes double response -> Option A

      4. Quick Check:

        Return after error response to stop execution [OK]
      Hint: Always return after sending error response to avoid double send [OK]
      Common Mistakes:
      • Thinking length check direction is wrong
      • Confusing req.body with req.query
      • Believing res.send must be res.json
      5. You want to manually validate a user registration form in Express. The form requires 'email' (non-empty string), 'password' (min 8 chars), and 'age' (optional, but if present must be number >= 13). Which code snippet correctly implements this validation?
      hard
      A. if (!req.body.email || req.body.email.length === 0) { return res.status(400).send('Email required'); } if (req.body.password.length < 8) { return res.status(200).send('Password too short'); } if (req.body.age && typeof req.body.age !== 'string') { return res.status(400).send('Age must be a string'); } next();
      B. if (!req.body.email) { res.send('Email missing'); } if (req.body.password.length <= 8) { res.send('Password invalid'); } if (req.body.age < 13) { res.send('Too young'); } next();
      C. if (req.body.email === '') { return res.status(500).send('Email error'); } if (req.body.password.length > 8) { return res.status(400).send('Password too short'); } if (req.body.age && req.body.age < 13) { return res.status(400).send('Age error'); } next();
      D. if (!req.body.email || typeof req.body.email !== 'string') { return res.status(400).send('Email required'); } if (!req.body.password || req.body.password.length < 8) { return res.status(400).send('Password too short'); } if (req.body.age !== undefined && (typeof req.body.age !== 'number' || req.body.age < 13)) { return res.status(400).send('Age must be 13 or older'); } next();

      Solution

      1. Step 1: Validate email presence and type

        if (!req.body.email || typeof req.body.email !== 'string') checks for missing, empty, or non-string email and returns 400 error if invalid.

      2. Step 2: Validate password length correctly

        if (!req.body.password || req.body.password.length < 8) checks for missing or short password (<8 chars) and returns 400 error.

      3. Step 3: Validate optional age correctly

        if (req.body.age !== undefined && (typeof req.body.age !== 'number' || req.body.age < 13)) checks if age provided, then ensures it's a number >=13, returns 400 if invalid.

      4. Final Answer:

        if (!req.body.email || typeof req.body.email !== 'string') { return res.status(400).send('Email required'); } if (!req.body.password || req.body.password.length < 8) { return res.status(400).send('Password too short'); } if (req.body.age !== undefined && (typeof req.body.age !== 'number' || req.body.age < 13)) { return res.status(400).send('Age must be 13 or older'); } next(); -> Option D

      5. Quick Check:

        All fields validated with correct conditions and error codes [OK]
      Hint: Check each field with proper type and conditions, return on error [OK]
      Common Mistakes:
      • Not returning after sending error response
      • Using wrong status codes like 200 or 500 for validation errors
      • Checking wrong types or missing optional field checks