Concept Flow - Input validation patterns
Receive Input
Check Type
Yes
Check Required Fields
Yes
Apply Validation Rules
Return Error
Input validation in GraphQL checks input type, required fields, and rules before running the query or mutation.
0Input validation patterns in GraphQL - Step-by-Step Execution
Start learning this pattern below
Jump into concepts and practice - no test required
or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Execution Sample
GraphQL
mutation AddUser($input: UserInput!) {
addUser(input: $input) {
id
name
}
}This mutation adds a user after validating the input matches UserInput type and rules.
Execution Table
| Step | Action | Input State | Validation Check | Result |
|---|---|---|---|---|
| 1 | Receive input | {"name": "Alice", "age": 25} | Check type UserInput | Pass |
| 2 | Check required fields | name present, age present | All required fields present | Pass |
| 3 | Apply validation rules | age=25 | age >= 18 | Pass |
| 4 | Apply validation rules | name='Alice' | name length > 0 | Pass |
| 5 | Validation complete | All checks passed | Ready to execute mutation | Pass |
| 6 | Execute mutation | Add user to database | N/A | Success |
| 7 | Return result | User id and name | N/A | Success |
💡 Input passes all validation checks, mutation executes successfully
Variable Tracker
| Variable | Start | After Step 1 | After Step 2 | After Step 3 | Final |
|---|---|---|---|---|---|
| input | undefined | {"name": "Alice", "age": 25} | {"name": "Alice", "age": 25} | {"name": "Alice", "age": 25} | {"name": "Alice", "age": 25} |
| validationStatus | undefined | pending | pending | pending | passed |
Key Moments - 3 Insights
Why does the validation fail if a required field is missing?
Because the execution_table row 2 shows that all required fields must be present; missing any required field causes validation to fail and stops execution.
What happens if the input type does not match the expected GraphQL input type?
As shown in row 1, the type check fails and the mutation does not proceed, preventing invalid data from being processed.
Why do we check validation rules like age >= 18 after confirming required fields?
Because required fields must exist first (row 2), then rules like age limits are applied (row 3) to ensure data correctness before mutation.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution table, what is the validation result at step 3?
💡 Hint
Check the 'Result' column in row 3 of the execution_table
At which step does the mutation actually execute?
💡 Hint
Look for the 'Execute mutation' action in the execution_table
If the input was missing the 'name' field, which step would fail?
💡 Hint
Check the 'Check required fields' validation in step 2 of the execution_table
Concept Snapshot
GraphQL input validation: - Check input type matches schema - Verify all required fields present - Apply custom validation rules (e.g., age >= 18) - Fail early on errors - Proceed to execute mutation/query only if valid
Full Transcript
Input validation patterns in GraphQL start by receiving the input and checking if it matches the expected input type. Then, required fields are verified to be present. After that, specific validation rules like minimum age or string length are applied. If any check fails, the process stops and returns an error. If all checks pass, the mutation or query executes successfully and returns the result. This step-by-step validation ensures only correct and safe data is processed.
Practice
1. What is the main purpose of input validation in GraphQL schemas?
easy
Solution
Step 1: Understand input validation role
Input validation checks data before it is saved or used to avoid errors or security issues.Step 2: Identify main goal in GraphQL
GraphQL uses input validation to keep data safe and correct before processing.Final Answer:
To ensure data is safe and correct before processing -> Option AQuick Check:
Input validation = data safety and correctness [OK]
Hint: Input validation means checking data before use [OK]
Common Mistakes:
- Confusing validation with performance optimization
- Thinking validation auto-generates UI
- Assuming validation stores data
2. Which of the following is a valid way to enforce input validation in a GraphQL schema?
easy
Solution
Step 1: Review GraphQL schema capabilities
GraphQL schemas can define custom scalar types to validate formats like email or date.Step 2: Eliminate invalid options
SQL queries, CSS, and HTML are unrelated to schema validation.Final Answer:
Using custom scalar types for specific formats -> Option DQuick Check:
Custom scalars = validation in schema [OK]
Hint: Custom scalars validate input formats in GraphQL [OK]
Common Mistakes:
- Confusing schema with UI styling
- Trying to embed SQL in schema
- Using HTML tags in schema definitions
3. Given this GraphQL input type and resolver snippet, what happens if the input 'username' is an empty string?
input UserInput {
username: String!
}
resolver createUser(input: UserInput) {
if (input.username.length === 0) {
throw new Error('Username cannot be empty');
}
return saveUser(input);
}medium
Solution
Step 1: Analyze resolver input check
The resolver checks if username length is zero and throws an error if true.Step 2: Understand effect of empty string input
Empty string triggers the error, so user is not saved.Final Answer:
The resolver throws an error and user is not saved -> Option BQuick Check:
Empty username triggers error in resolver [OK]
Hint: Empty string triggers error in resolver check [OK]
Common Mistakes:
- Assuming schema rejects empty string automatically
- Thinking empty username is saved
- Ignoring resolver error handling
4. Identify the error in this GraphQL input validation snippet:
input ProductInput {
price: Float!
}
resolver addProduct(input: ProductInput) {
if (input.price < 0) {
return 'Price must be positive';
}
saveProduct(input);
return 'Product added';
}medium
Solution
Step 1: Check error handling in resolver
The resolver returns a string on error instead of throwing an error, which may not stop execution properly.Step 2: Understand proper error signaling
Throwing an error is standard to halt processing and signal failure in GraphQL.Final Answer:
Returning a string error instead of throwing an error -> Option AQuick Check:
Errors should be thrown, not returned as strings [OK]
Hint: Throw errors, don't return error strings in resolvers [OK]
Common Mistakes:
- Returning error messages instead of throwing
- Confusing Float and Int types
- Ignoring zero price validation
5. You want to enforce that a user's email input is always lowercase and matches a valid email format in GraphQL. Which combination is the best approach?
hard
Solution
Step 1: Understand validation needs
Email must be valid format and lowercase before saving or processing.Step 2: Choose best GraphQL validation method
Custom scalar can enforce format; resolver can transform input to lowercase.Step 3: Evaluate other options
Relying only on String misses validation; directives alone can't transform; database validation is late.Final Answer:
Use a custom scalar for email format and transform input to lowercase in resolver -> Option CQuick Check:
Custom scalar + resolver transform = best validation [OK]
Hint: Combine custom scalar and resolver for format and case [OK]
Common Mistakes:
- Skipping format validation
- Expecting directives to transform input
- Validating only after saving data