Data Validation

<h2 id="data-validation" class="position-relative d-flex align-items-center group"> Data Validation <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="data-validation" aria-haspopup="dialog" aria-label="Share link: Data Validation"> Share link </button> </h2><div id="headingShareModal" class="heading-share-modal" role="dialog" aria-modal="true" aria-labelledby="headingShareTitle" hidden> <div class="hsm-dialog" role="document"> <div class="hsm-header"> <h2 id="headingShareTitle" class="h6 mb-0 fw-bold">Share this section</h2> <button type="button" class="hsm-close" aria-label="Close"> </button> </div> <div class="hsm-body"> <label for="headingShareInput" class="form-label small text-muted mb-1 text-uppercase fw-bold" style="font-size: 0.7rem; letter-spacing: 0.5px;">Permalink</label> <div class="input-group mb-4 hsm-url-group"> <input id="headingShareInput" type="text" class="form-control font-monospace" readonly aria-readonly="true" style="font-size: 0.85rem;" /> <button class="btn btn-primary hsm-copy" type="button" aria-label="Copy" title="Copy"> </button> </div> <div class="small fw-bold mb-2 text-muted text-uppercase" style="font-size: 0.7rem; letter-spacing: 0.5px;">Share via</div> <div class="hsm-share-grid"> <a id="share-twitter" class="btn btn-outline-secondary w-100" target="_blank" rel="noopener noreferrer"> Twitter </a> <a id="share-linkedin" class="btn btn-outline-secondary w-100" target="_blank" rel="noopener noreferrer"> LinkedIn </a> <a id="share-facebook" class="btn btn-outline-secondary w-100" target="_blank" rel="noopener noreferrer"> Facebook </a> </div> </div> </div> </div> <style> .heading-share-modal { position: fixed; inset: 0; display: flex; justify-content: center; align-items: center; background: rgba(0, 0, 0, 0.6); z-index: 1050; padding: 1rem; backdrop-filter: blur(4px); -webkit-backdrop-filter: blur(4px); } .heading-share-modal[hidden] { display: none !important; } .hsm-dialog { max-width: 420px; width: 100%; background: var(--bs-body-bg, #fff); color: var(--bs-body-color, #212529); border: 1px solid var(--bs-border-color, rgba(0,0,0,0.1)); border-radius: 1rem; box-shadow: 0 25px 50px -12px rgba(0, 0, 0, 0.25); overflow: hidden; animation: hsm-fade-in 0.2s ease-out; } @keyframes hsm-fade-in { from { opacity: 0; transform: scale(0.95); } to { opacity: 1; transform: scale(1); } } [data-bs-theme="dark"] .hsm-dialog { background: #1e293b; border-color: rgba(255,255,255,0.1); color: #f8f9fa; } .hsm-header { display: flex; justify-content: space-between; align-items: center; padding: 1rem 1.5rem; border-bottom: 1px solid var(--bs-border-color, rgba(0,0,0,0.1)); background: rgba(0,0,0,0.02); } [data-bs-theme="dark"] .hsm-header { background: rgba(255,255,255,0.02); border-color: rgba(255,255,255,0.1); } .hsm-close { background: transparent; border: none; color: inherit; opacity: 0.5; padding: 0.25rem 0.5rem; border-radius: 0.25rem; font-size: 1.2rem; line-height: 1; transition: opacity 0.2s; } .hsm-close:hover { opacity: 1; } .hsm-body { padding: 1.5rem; } .hsm-url-group { display: flex !important; align-items: stretch; } .hsm-url-group .form-control { flex: 1; min-width: 0; margin: 0; background: var(--bs-secondary-bg, #f8f9fa); border-color: var(--bs-border-color, #dee2e6); border-top-right-radius: 0; border-bottom-right-radius: 0; height: 42px; } .hsm-url-group .btn { flex: 0 0 auto; margin: 0; margin-left: -1px; border-top-left-radius: 0; border-bottom-left-radius: 0; height: 42px; display: flex; align-items: center; justify-content: center; padding: 0 1.25rem; z-index: 2; } [data-bs-theme="dark"] .hsm-url-group .form-control { background: #0f172a; border-color: #334155; color: #e2e8f0; } .hsm-share-grid { display: flex; flex-direction: column; gap: 0.5rem; } .hsm-share-grid .btn { display: flex; align-items: center; justify-content: center; font-size: 0.9rem; padding: 0.6rem; border-color: var(--bs-border-color); width: 100%; } [data-bs-theme="dark"] .hsm-share-grid .btn { color: #e2e8f0; border-color: #475569; } [data-bs-theme="dark"] .hsm-share-grid .btn:hover { background: #334155; border-color: #cbd5e1; } </style> <script> (function(){ const modal = document.getElementById('headingShareModal'); if(!modal) return; const input = modal.querySelector('#headingShareInput'); const copyBtn = modal.querySelector('.hsm-copy'); const twitter = modal.querySelector('#share-twitter'); const linkedin = modal.querySelector('#share-linkedin'); const facebook = modal.querySelector('#share-facebook'); const closeBtn = modal.querySelector('.hsm-close'); let lastFocus=null; let trapBound=false; function buildUrl(id){ return window.location.origin + window.location.pathname + '#' + id; } function isOpen(){ return !modal.hasAttribute('hidden'); } function hydrate(id){ const url=buildUrl(id); input.value=url; const enc=encodeURIComponent(url); const text=encodeURIComponent(document.title); if(twitter) twitter.href=`https://twitter.com/intent/tweet?url=${enc}&text=${text}`; if(linkedin) linkedin.href=`https://www.linkedin.com/sharing/share-offsite/?url=${enc}`; if(facebook) facebook.href=`https://www.facebook.com/sharer/sharer.php?u=${enc}`; } function openModal(id){ lastFocus=document.activeElement; hydrate(id); if(!isOpen()){ modal.removeAttribute('hidden'); } requestAnimationFrame(()=>{ input.focus(); }); trapFocus(); } function closeModal(){ if(!isOpen()) return; modal.setAttribute('hidden',''); if(lastFocus && typeof lastFocus.focus==='function') lastFocus.focus(); } function copyCurrent(){ try{ navigator.clipboard.writeText(input.value).then(()=>feedback(true),()=>fallback()); } catch(e){ fallback(); } } function fallback(){ input.select(); try{ document.execCommand('copy'); feedback(true);}catch(e){ feedback(false);} } function feedback(ok){ if(!copyBtn) return; const icon=copyBtn.querySelector('i'); if(!icon) return; const prev=copyBtn.getAttribute('data-prev')||icon.className; if(!copyBtn.getAttribute('data-prev')) copyBtn.setAttribute('data-prev',prev); icon.className= ok ? 'fa-duotone fa-clipboard-check':'fa-duotone fa-circle-exclamation'; setTimeout(()=>{ icon.className=prev; },1800); } function handleShareClick(e){ e.preventDefault(); const btn=e.currentTarget; const id=btn.getAttribute('data-share-target'); if(id) openModal(id); } function bindShareButtons(){ document.querySelectorAll('.h-share').forEach(btn=>{ if(!btn.dataset.hShareBound){ btn.addEventListener('click', handleShareClick); btn.dataset.hShareBound='1'; } }); } bindShareButtons(); if(document.readyState==='loading'){ document.addEventListener('DOMContentLoaded', bindShareButtons); } else { requestAnimationFrame(bindShareButtons); } document.addEventListener('click', function(e){ const shareBtn=e.target.closest && e.target.closest('.h-share'); if(shareBtn && !shareBtn.dataset.hShareBound){ handleShareClick.call(shareBtn, e); } }, true); document.addEventListener('click', e=>{ if(e.target===modal) closeModal(); if(e.target.closest && e.target.closest('.hsm-close')){ e.preventDefault(); closeModal(); } if(copyBtn && (e.target===copyBtn || (e.target.closest && e.target.closest('.hsm-copy')))) { e.preventDefault(); copyCurrent(); } }); document.addEventListener('keydown', e=>{ if(e.key==='Escape' && isOpen()) closeModal(); }); function trapFocus(){ if(trapBound) return; trapBound=true; modal.addEventListener('keydown', f=>{ if(f.key==='Tab' && isOpen()){ const focusable=[...modal.querySelectorAll('a[href],button,input,textarea,select,[tabindex]:not([tabindex="-1"])')].filter(el=>!el.hasAttribute('disabled')); if(!focusable.length) return; const first=focusable[0]; const last=focusable[focusable.length-1]; if(f.shiftKey && document.activeElement===first){ f.preventDefault(); last.focus(); } else if(!f.shiftKey && document.activeElement===last){ f.preventDefault(); first.focus(); } } }); } if(closeBtn) closeBtn.addEventListener('click', e=>{ e.preventDefault(); closeModal(); }); })(); </script>Data validation is the process of ensuring that data conforms to defined rules, formats, and business requirements before it enters or is updated in your Geode graph database. Effective validation prevents data quality issues, maintains referential integrity, and enforces domain-specific constraints across your graph. Geode supports multi-layer validation from database schema constraints to application-level validation logic. <h3 id="why-multi-layer-validation-matters" class="position-relative d-flex align-items-center group"> Why Multi-Layer Validation Matters <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="why-multi-layer-validation-matters" aria-haspopup="dialog" aria-label="Share link: Why Multi-Layer Validation Matters"> Share link </button> </h3>Relying solely on application-level validation is risky—bugs, API changes, or direct database access can bypass these checks. Conversely, database-only validation can be too rigid for complex business rules. A layered approach provides defense in depth: <ol> <li>Schema Layer: Type checking, NOT NULL, UNIQUE, CHECK constraints</li> <li>Database Layer: Custom validation functions, triggers, complex business rules</li> <li>Application Layer: User experience, async validation, cross-system checks</li> <li>Client Layer: Immediate feedback, format validation, UX optimization</li> </ol> <h3 id="schema-level-validation" class="position-relative d-flex align-items-center group"> Schema-Level Validation <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="schema-level-validation" aria-haspopup="dialog" aria-label="Share link: Schema-Level Validation"> Share link </button> </h3>Schema constraints provide the first and most critical validation layer. These constraints are enforced by Geode at the storage engine level. <h4 id="type-and-format-validation" class="position-relative d-flex align-items-center group"> Type and Format Validation <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="type-and-format-validation" aria-haspopup="dialog" aria-label="Share link: Type and Format Validation"> Share link </button> </h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql">-- Basic type and format validation CREATE NODE TYPE Person ( email STRING CHECK (email LIKE '%@%.%' AND LENGTH(email) <= 255), age INTEGER CHECK (age >= 0 AND age <= 150), phone STRING CHECK (phone ~ '^\+?[0-9]{10,15}$'), -- E.164 format ssn STRING CHECK (ssn ~ '^\d{3}-\d{2}-\d{4}$'), -- US SSN format postal_code STRING CHECK (postal_code ~ '^[0-9]{5}(-[0-9]{4})?$') -- US ZIP ); -- SKU and product code patterns CREATE NODE TYPE Product ( sku STRING CHECK (sku ~ '^[A-Z]{2,3}-[0-9]{6}$'), -- Format: AB-123456 upc STRING CHECK (upc ~ '^\d{12}$'), -- UPC-A barcode price DECIMAL CHECK (price > 0), weight_kg DECIMAL CHECK (weight_kg > 0 AND weight_kg < 1000) ); -- URL and domain validation CREATE NODE TYPE Website ( url STRING CHECK (url ~ '^https?://[a-zA-Z0-9.-]+\.[a-z]{2,}(/.*)?$'), domain STRING CHECK (domain ~ '^[a-zA-Z0-9.-]+\.[a-z]{2,}$') ); </code></pre></div> <h4 id="range-and-enumeration-validation" class="position-relative d-flex align-items-center group"> Range and Enumeration Validation <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="range-and-enumeration-validation" aria-haspopup="dialog" aria-label="Share link: Range and Enumeration Validation"> Share link </button> </h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql">-- Numeric ranges CREATE NODE TYPE Booking ( guests INTEGER CHECK (guests >= 1 AND guests <= 20), nights INTEGER CHECK (nights >= 1 AND nights <= 365), room_number INTEGER CHECK (room_number >= 100 AND room_number <= 9999) ); -- Enumerated values CREATE NODE TYPE Order ( status STRING CHECK (status IN ('draft', 'pending', 'processing', 'shipped', 'delivered', 'cancelled', 'refunded')), priority STRING CHECK (priority IN ('low', 'normal', 'high', 'urgent')), payment_method STRING CHECK (payment_method IN ('credit_card', 'debit_card', 'paypal', 'bank_transfer', 'cash')) ); -- Percentage constraints CREATE NODE TYPE Discount ( percentage DECIMAL CHECK (percentage >= 0 AND percentage <= 100), min_order_value DECIMAL CHECK (min_order_value >= 0) ); </code></pre></div> <h4 id="cross-property-validation" class="position-relative d-flex align-items-center group"> Cross-Property Validation <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="cross-property-validation" aria-haspopup="dialog" aria-label="Share link: Cross-Property Validation"> Share link </button> </h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql">-- Date range validation CREATE NODE TYPE Event ( registration_start DATE NOT NULL, registration_end DATE NOT NULL, event_start DATE NOT NULL, event_end DATE NOT NULL, CONSTRAINT valid_registration_period CHECK (registration_end >= registration_start), CONSTRAINT valid_event_period CHECK (event_end >= event_start), CONSTRAINT registration_before_event CHECK (registration_end <= event_start) ); -- Conditional requirements CREATE NODE TYPE Employee ( employment_type STRING CHECK (employment_type IN ('full_time', 'part_time', 'contractor')), annual_salary DECIMAL, hourly_rate DECIMAL, benefits_eligible BOOLEAN, CONSTRAINT compensation_model CHECK ( (employment_type = 'full_time' AND annual_salary IS NOT NULL AND hourly_rate IS NULL) OR (employment_type IN ('part_time', 'contractor') AND annual_salary IS NULL AND hourly_rate IS NOT NULL) ), CONSTRAINT benefits_eligibility CHECK ( employment_type = 'full_time' OR benefits_eligible = false ) ); -- Price consistency CREATE NODE TYPE Product ( base_price DECIMAL NOT NULL CHECK (base_price > 0), sale_price DECIMAL CHECK (sale_price > 0), cost DECIMAL CHECK (cost > 0), CONSTRAINT sale_below_base CHECK (sale_price IS NULL OR sale_price <= base_price), CONSTRAINT positive_margin CHECK (base_price > cost) ); </code></pre></div> <h3 id="custom-validation-functions" class="position-relative d-flex align-items-center group"> Custom Validation Functions <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="custom-validation-functions" aria-haspopup="dialog" aria-label="Share link: Custom Validation Functions"> Share link </button> </h3>Create reusable validation logic as database functions: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql">-- Email validation function CREATE FUNCTION is_valid_email(email STRING) RETURNS BOOLEAN AS $$ SELECT email IS NOT NULL AND email ~ '^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$' AND LENGTH(email) >= 5 AND LENGTH(email) <= 255 AND email NOT LIKE '%@%@%' -- No multiple @ signs $$; -- Phone number validation (international) CREATE FUNCTION is_valid_phone(phone STRING) RETURNS BOOLEAN AS $$ SELECT phone ~ '^\+?[1-9]\d{1,14}$' -- E.164 format $$; -- Credit card validation (Luhn algorithm) CREATE FUNCTION is_valid_credit_card(number STRING) RETURNS BOOLEAN AS $$ -- Simplified Luhn check SELECT LENGTH(number) BETWEEN 13 AND 19 AND number ~ '^\d+$' AND luhn_checksum(number) = 0 $$; -- Use in schema constraints ALTER NODE TYPE Person ADD CONSTRAINT check_email CHECK (is_valid_email(email)); ALTER NODE TYPE Person ADD CONSTRAINT check_phone CHECK (is_valid_phone(phone)); </code></pre></div> <h3 id="application-level-validation" class="position-relative d-flex align-items-center group"> Application-Level Validation <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="application-level-validation" aria-haspopup="dialog" aria-label="Share link: Application-Level Validation"> Share link </button> </h3>Application-layer validation provides richer error messages, async checks, and user experience optimization. <h4 id="python-validation-with-marshmallow" class="position-relative d-flex align-items-center group"> Python Validation with Marshmallow <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="python-validation-with-marshmallow" aria-haspopup="dialog" aria-label="Share link: Python Validation with Marshmallow"> Share link </button> </h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-python" data-lang="python">from marshmallow import Schema, fields, validates, validates_schema, ValidationError from geode_client import Client import re class PersonSchema(Schema): email = fields.Email(required=True) age = fields.Integer(required=True) name = fields.String(required=True, validate=lambda n: len(n) >= 2) phone = fields.String(allow_none=True) password = fields.String(required=True, load_only=True) @validates('age') def validate_age(self, value): if value < 0 or value > 150: raise ValidationError("Age must be between 0 and 150") @validates('phone') def validate_phone(self, value): if value and not re.match(r'^\+?[1-9]\d{1,14}$', value): raise ValidationError("Invalid phone number format") @validates('password') def validate_password(self, value): if len(value) < 8: raise ValidationError("Password must be at least 8 characters") if not re.search(r'[A-Z]', value): raise ValidationError("Password must contain uppercase letter") if not re.search(r'[0-9]', value): raise ValidationError("Password must contain number") @validates_schema def validate_business_rules(self, data, **kwargs): # Cross-field validation if data.get('age', 0) < 18 and data.get('email', '').endswith('.edu'): raise ValidationError("Users under 18 cannot use .edu emails") async def create_person(client: Client, person_data: dict): """Create person with validation.""" schema = PersonSchema() try: # Validate input data validated = schema.load(person_data) except ValidationError as err: return {"success": False, "errors": err.messages} # Check uniqueness (async validation) exists, _ = await client.query( "MATCH (p:Person {email: $email}) RETURN count(p) AS count", {"email": validated['email']} ) if exists.bindings[0]['count'] > 0: return {"success": False, "errors": {"email": ["Email already exists"]}} # Insert validated data try: result, _ = await client.query( """INSERT (p:Person { email: $email, name: $name, age: $age, phone: $phone }) RETURN p""", validated ) return {"success": True, "person": result.bindings[0]['p']} except Exception as e: return {"success": False, "errors": {"database": [str(e)]}} </code></pre></div> <h4 id="go-validation-with-validator-library" class="position-relative d-flex align-items-center group"> Go Validation with Validator Library <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="go-validation-with-validator-library" aria-haspopup="dialog" aria-label="Share link: Go Validation with Validator Library"> Share link </button> </h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-go" data-lang="go">package main import ( "context" "fmt" "github.com/go-playground/validator/v10" "geodedb.com/geode" ) type Person struct { Email string `validate:"required,email,max=255"` Age int `validate:"required,min=0,max=150"` Name string `validate:"required,min=2,max=100"` Phone string `validate:"omitempty,e164"` // E.164 phone format Password string `validate:"required,min=8,containsany=ABCDEFGHIJKLMNOPQRSTUVWXYZ,containsany=0123456789"` } func CreatePerson(ctx context.Context, db *geode.DB, p *Person) error { // Validate struct validate := validator.New() if err := validate.Struct(p); err != nil { validationErrs := err.(validator.ValidationErrors) return fmt.Errorf("validation failed: %v", validationErrs) } // Check uniqueness var count int err := db.QueryRowContext(ctx, "MATCH (p:Person {email: $1}) RETURN count(p)", p.Email).Scan(&count) if err != nil { return fmt.Errorf("uniqueness check failed: %w", err) } if count > 0 { return fmt.Errorf("email already exists: %s", p.Email) } // Insert person _, err = db.ExecContext(ctx, `INSERT (p:Person { email: $1, name: $2, age: $3, phone: $4 })`, p.Email, p.Name, p.Age, p.Phone) return err } </code></pre></div> <h4 id="rust-validation-with-validator-crate" class="position-relative d-flex align-items-center group"> Rust Validation with Validator Crate <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="rust-validation-with-validator-crate" aria-haspopup="dialog" aria-label="Share link: Rust Validation with Validator Crate"> Share link </button> </h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-rust" data-lang="rust">use validator::{Validate, ValidationError}; use geode_client::{Client, Value}; use std::collections::HashMap; #[derive(Debug, Validate)] struct Person { #[validate(email, length(max = 255))] email: String, #[validate(range(min = 0, max = 150))] age: i32, #[validate(length(min = 2, max = 100))] name: String, #[validate(phone)] phone: Option<String>, #[validate(length(min = 8), custom = "validate_password_strength")] password: String, } fn validate_password_strength(password: &str) -> Result<(), ValidationError> { let has_upper = password.chars().any(|c| c.is_uppercase()); let has_digit = password.chars().any(|c| c.is_numeric()); if !has_upper || !has_digit { return Err(ValidationError::new("password_weak")); } Ok(()) } async fn create_person(client: &Client, person: &Person) -> Result<(), Box<dyn std::error::Error>> { // Validate person.validate()?; // Check uniqueness let mut params = HashMap::new(); params.insert("email", Value::String(person.email.clone())); let result = client.execute( "MATCH (p:Person {email: $email}) RETURN count(p) AS count", &params ).await?; let count = result.bindings[0]["count"].as_i64().unwrap_or(0); if count > 0 { return Err("Email already exists".into()); } // Insert let mut insert_params = HashMap::new(); insert_params.insert("email", Value::String(person.email.clone())); insert_params.insert("name", Value::String(person.name.clone())); insert_params.insert("age", Value::Integer(person.age as i64)); client.execute( "INSERT (p:Person {email: $email, name: $name, age: $age})", &insert_params ).await?; Ok(()) } </code></pre></div> <h3 id="input-sanitization-and-security" class="position-relative d-flex align-items-center group"> Input Sanitization and Security <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="input-sanitization-and-security" aria-haspopup="dialog" aria-label="Share link: Input Sanitization and Security"> Share link </button> </h3>Always sanitize user input to prevent injection attacks and data corruption. <h4 id="gql-injection-prevention" class="position-relative d-flex align-items-center group"> GQL Injection Prevention <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="gql-injection-prevention" aria-haspopup="dialog" aria-label="Share link: GQL Injection Prevention"> Share link </button> </h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-python" data-lang="python"># NEVER construct queries with string concatenation # BAD - vulnerable to injection user_email = request.form['email'] query = f"MATCH (p:Person {{email: '{user_email}'}}) RETURN p" # DANGEROUS! # GOOD - use parameterized queries await client.execute( "MATCH (p:Person {email: $email}) RETURN p", {"email": user_email} ) </code></pre></div> <h4 id="xss-prevention" class="position-relative d-flex align-items-center group"> XSS Prevention <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="xss-prevention" aria-haspopup="dialog" aria-label="Share link: XSS Prevention"> Share link </button> </h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-python" data-lang="python">from html import escape from bleach import clean def sanitize_text_input(text: str) -> str: """Remove HTML and trim whitespace.""" return escape(text.strip()) def sanitize_rich_text(html: str) -> str: """Allow safe HTML tags only.""" allowed_tags = ['p', 'br', 'strong', 'em', 'ul', 'ol', 'li', 'a'] allowed_attrs = {'a': ['href', 'title']} return clean(html, tags=allowed_tags, attributes=allowed_attrs, strip=True) # Use in application user_bio = sanitize_rich_text(request.form['bio']) user_name = sanitize_text_input(request.form['name']) </code></pre></div> <h4 id="path-traversal-prevention" class="position-relative d-flex align-items-center group"> Path Traversal Prevention <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="path-traversal-prevention" aria-haspopup="dialog" aria-label="Share link: Path Traversal Prevention"> Share link </button> </h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-python" data-lang="python">import os from pathlib import Path def validate_filename(filename: str) -> str: """Ensure filename is safe and doesn't contain path traversal.""" # Remove directory separators safe_name = os.path.basename(filename) # Check for suspicious patterns if '..' in safe_name or safe_name.startswith('.'): raise ValueError("Invalid filename") # Limit character set if not all(c.isalnum() or c in '.-_' for c in safe_name): raise ValueError("Filename contains invalid characters") return safe_name </code></pre></div> <h3 id="validation-error-handling" class="position-relative d-flex align-items-center group"> Validation Error Handling <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="validation-error-handling" aria-haspopup="dialog" aria-label="Share link: Validation Error Handling"> Share link </button> </h3> <h4 id="structured-error-responses" class="position-relative d-flex align-items-center group"> Structured Error Responses <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="structured-error-responses" aria-haspopup="dialog" aria-label="Share link: Structured Error Responses"> Share link </button> </h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-python" data-lang="python">from dataclasses import dataclass, field from typing import List, Dict, Any @dataclass class ValidationError: field: str message: str code: str value: Any = None @dataclass class ValidationResult: valid: bool = True errors: List[ValidationError] = field(default_factory=list) warnings: List[ValidationError] = field(default_factory=list) def add_error(self, field: str, message: str, code: str = "invalid", value: Any = None): self.valid = False self.errors.append(ValidationError(field, message, code, value)) def add_warning(self, field: str, message: str, code: str = "warning"): self.warnings.append(ValidationError(field, message, code)) def to_dict(self) -> Dict[str, Any]: return { "valid": self.valid, "errors": [{"field": e.field, "message": e.message, "code": e.code} for e in self.errors], "warnings": [{"field": w.field, "message": w.message, "code": w.code} for w in self.warnings] } async def validate_order(order_data: dict) -> ValidationResult: result = ValidationResult() # Required fields if not order_data.get('customer_id'): result.add_error('customer_id', 'Customer ID is required', 'required') if not order_data.get('items') or len(order_data['items']) == 0: result.add_error('items', 'Order must contain at least one item', 'min_items') # Business rules total = sum(item['price'] * item['quantity'] for item in order_data.get('items', [])) if total < 5.00: result.add_warning('total', f'Order total ${total:.2f} is below minimum ${5.00}', 'below_minimum') return result </code></pre></div> <h3 id="best-practices" class="position-relative d-flex align-items-center group"> Best Practices <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="best-practices" aria-haspopup="dialog" aria-label="Share link: Best Practices"> Share link </button> </h3><ol> <li>Validate Early and Often: Check data at the earliest possible layer</li> <li>Use Schema Constraints: Enforce data types and ranges at the database level</li> <li>Provide Clear Error Messages: Users need actionable feedback</li> <li>Sanitize All Input: Never trust user-provided data</li> <li>Use Parameterized Queries: Prevent injection attacks</li> <li>Log Validation Failures: Track patterns of invalid data for improvement</li> <li>Test Validation Logic: Write unit tests for all validators</li> <li>Document Validation Rules: Maintain a catalog of business rules</li> <li>Version Validation Rules: Track changes to validation logic</li> <li>Balance UX and Security: Validate strictly but provide helpful guidance</li> </ol> <h3 id="common-validation-patterns" class="position-relative d-flex align-items-center group"> Common Validation Patterns <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="common-validation-patterns" aria-haspopup="dialog" aria-label="Share link: Common Validation Patterns"> Share link </button> </h3>Email Uniqueness: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-python" data-lang="python">async def check_email_unique(email: str) -> bool: result, _ = await client.query( "MATCH (p:Person {email: $email}) RETURN count(p) AS count", {"email": email} ) return result.bindings[0]['count'] == 0 </code></pre></div>Age Verification: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql">CHECK (EXTRACT(YEAR FROM AGE(CURRENT_DATE, date_of_birth)) >= 18) </code></pre></div>Stock Availability: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql">CONSTRAINT check_stock CHECK (quantity_ordered <= quantity_available) </code></pre></div> <h3 id="troubleshooting" class="position-relative d-flex align-items-center group"> Troubleshooting <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="troubleshooting" aria-haspopup="dialog" aria-label="Share link: Troubleshooting"> Share link </button> </h3>Schema constraint too strict: Consider if the rule belongs in application layer Performance issues with complex checks: Move expensive validation to async background jobs Inconsistent validation across clients: Centralize validation rules in database functions or shared library Users bypassing validation: Ensure all entry points (API, admin tools, imports) use same validation <h3 id="related-topics" class="position-relative d-flex align-items-center group"> Related Topics <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="related-topics" aria-haspopup="dialog" aria-label="Share link: Related Topics"> Share link </button> </h3><ul> <li><a href="/tags/constraints" >Constraints</a> - Schema-level constraint enforcement</li> <li><a href="/tags/data-quality" >Data Quality</a> - Overall data quality management</li> <li><a href="/tags/security" >Security</a> - Security best practices</li> <li><a href="/tags/security/" >Sanitization</a> - Input sanitization techniques</li> <li><a href="/tags/transactions" >Transactions</a> - Transactional validation</li> <li><a href="/tags/troubleshooting/" >Error Handling</a> - Handling validation errors</li> </ul>

Popular

Related Articles