Bird
Raised Fist0
Expressframework~5 mins

Validating body fields in Express

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Introduction

We check the data sent by users to make sure it is correct and safe before using it.

When a user submits a form with information like name or email.
When your app receives data to create or update something in the database.
When you want to prevent wrong or harmful data from entering your system.
Syntax
Express
app.post('/route', (req, res) => {
  const { field } = req.body;
  if (!field) {
    return res.status(400).send('Field is required');
  }
  // continue processing
});
Use req.body to access data sent in the request body.
Always send a clear error message if validation fails.
Examples
Checks if the email field is present before continuing.
Express
app.post('/signup', (req, res) => {
  const { email } = req.body;
  if (!email) {
    return res.status(400).send('Email is required');
  }
  res.send('Signup successful');
});
Validates that both username and password are provided.
Express
app.post('/login', (req, res) => {
  const { username, password } = req.body;
  if (!username || !password) {
    return res.status(400).send('Username and password are required');
  }
  res.send('Login successful');
});
Ensures quantity is a positive number before proceeding.
Express
app.post('/order', (req, res) => {
  const { quantity } = req.body;
  if (typeof quantity !== 'number' || quantity <= 0) {
    return res.status(400).send('Quantity must be a positive number');
  }
  res.send('Order placed');
});
Sample Program

This Express app listens for POST requests to /register. It checks if the username and password are sent and if the password is long enough. If any check fails, it sends an error message. Otherwise, it confirms registration.

Express
import express from 'express';

const app = express();
app.use(express.json());

app.post('/register', (req, res) => {
  const { username, password } = req.body;

  if (!username) {
    return res.status(400).send('Username is required');
  }

  if (!password) {
    return res.status(400).send('Password is required');
  }

  if (password.length < 6) {
    return res.status(400).send('Password must be at least 6 characters');
  }

  res.send(`User ${username} registered successfully`);
});

app.listen(3000, () => {
  console.log('Server running on http://localhost:3000');
});
OutputSuccess
Important Notes

Always use express.json() middleware to parse JSON body data.

Validation helps keep your app safe and working well.

For complex validation, consider libraries like Joi or express-validator.

Summary

Check user data in req.body before using it.

Send clear error messages if data is missing or wrong.

Use middleware to parse JSON body data.

Practice

(1/5)
1. What is the main reason to validate fields in req.body in an Express app?
easy
A. To log user data for analytics
B. To speed up the server response time
C. To change the data format automatically
D. To ensure the data received is complete and correct before processing

Solution

  1. Step 1: Understand the purpose of validation

    Validation checks if the data sent by the user is complete and correct.

  2. Step 2: Identify the benefit of validation

    It prevents errors and security issues by stopping bad data early.

  3. Final Answer:

    To ensure the data received is complete and correct before processing -> Option D

  4. Quick Check:

    Validation = Check data correctness [OK]
Hint: Validation means checking data before use [OK]
Common Mistakes:
  • Thinking validation speeds up server
  • Assuming validation changes data format
  • Confusing validation with logging
2. Which middleware is required to parse JSON body data in Express before validating fields?
easy
A. express.json()
B. express.static()
C. express.urlencoded()
D. express.raw()

Solution

  1. Step 1: Identify middleware for JSON parsing

    express.json() parses incoming JSON request bodies into JavaScript objects.

  2. Step 2: Compare with other middleware

    express.urlencoded() parses URL-encoded data, express.static() serves files, express.raw() parses raw buffer data.

  3. Final Answer:

    express.json() -> Option A

  4. Quick Check:

    JSON body parsing = express.json() [OK]
Hint: Use express.json() to parse JSON body data [OK]
Common Mistakes:
  • Using express.static() for body parsing
  • Confusing urlencoded with JSON parsing
  • Skipping middleware before validation
3. Given this Express route, what will be the response if req.body.name is missing? 
app.post('/user', (req, res) => {
  if (!req.body.name) {
    return res.status(400).send('Name is required');
  }
  res.send(`Hello, ${req.body.name}`);
});
medium
A. Hello, undefined
B. Name is required
C. 500 Internal Server Error
D. Empty response

Solution

  1. Step 1: Check the condition for missing name

    The code checks if req.body.name is falsy (missing or empty).

  2. Step 2: Understand the response when name is missing

    If missing, it sends status 400 with message 'Name is required'.

  3. Final Answer:

    Name is required -> Option B

  4. Quick Check:

    Missing name triggers 400 error message [OK]
Hint: Missing field triggers error response [OK]
Common Mistakes:
  • Assuming undefined is sent as name
  • Expecting server error instead of 400
  • Thinking response is empty
4. What is wrong with this Express validation code? 
app.post('/login', (req, res) => {
  if (req.body.username === undefined || req.body.password === undefined) {
    res.status(400).send('Missing fields');
  }
  res.send('Login success');
});
medium
A. It should check for null instead of undefined
B. It uses strict equality instead of loose equality
C. It does not stop execution after sending error response
D. It should use res.json() instead of res.send()

Solution

  1. Step 1: Analyze the error handling flow

    The code sends a 400 error but does not return or stop, so it continues to send success response.

  2. Step 2: Identify the fix

    Adding 'return' before res.status(400).send(...) stops further execution.

  3. Final Answer:

    It does not stop execution after sending error response -> Option C

  4. Quick Check:

    Missing return causes double response [OK]
Hint: Return after sending error to stop code [OK]
Common Mistakes:
  • Ignoring missing return after res.send()
  • Confusing equality checks with flow control
  • Thinking res.json() is required for errors
5. You want to validate that req.body.age is a number greater than 18 before processing. Which code snippet correctly validates this and sends a 400 error if invalid?
hard
A. if (!req.body.age || typeof req.body.age !== 'number' || req.body.age <= 18) { return res.status(400).send('Age must be a number over 18'); }
B. if (req.body.age <= 18) { res.status(400).send('Age must be over 18'); }
C. if (typeof req.body.age === 'string' && req.body.age > 18) { return res.status(400).send('Invalid age'); }
D. if (!req.body.age || req.body.age < 18) { res.send('Age is valid'); }

Solution

  1. Step 1: Check for presence and type of age

    Code verifies age exists and is a number using typeof.

  2. Step 2: Check age value is greater than 18

    It ensures age is over 18, else sends 400 error with message.

  3. Step 3: Confirm proper use of return to stop execution

    Return stops further processing after error response.

  4. Final Answer:

    if (!req.body.age || typeof req.body.age !== 'number' || req.body.age <= 18) { return res.status(400).send('Age must be a number over 18'); } -> Option A

  5. Quick Check:

    Check presence, type, and value with return [OK]
Hint: Check type and value, return on error [OK]
Common Mistakes:
  • Not checking type before comparing
  • Missing return after sending error
  • Sending success message on invalid data