Input validation

© University of Southampton 2017
SQL injection attacks are a special case of a more general type of attack.
Whenever a program, be that an Android app, a web server, or some other kind of system, takes input from the outside world, an attacker may try to exploit this to attack the system.
By carefully crafting a malicious input, an attacker may be able to get the system to do something that the designer did not intend. This could involve access to sensitive data, but equally it could result in real physical damage, or possibly even serious injuries or fatalities (remember the Jeep Cherokee hack in week 1!).

Input validation

It is therefore vitally important that a program always:
  1. carefully checks all inputs for dangerous values, or
  2. enforces strong restrictions on how the inputs are used.
The parameterised query that we used to fix BuggyTheApp is an example of the latter approach.
Enforcing strong restrictions on how user inputs are used is the preferred solution, because correctly filtering out dangerous values is hard to get right and error-prone.
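
The two approaches side by side, as an added example that is not the course's BuggyTheApp code: it uses Python's `sqlite3` module (the same SQLite engine Android uses) with a hypothetical `users` table, constructed sample rows and hypothetical function names. It shows string concatenation letting a crafted input change the query, a quote-stripping filter that blocks that input but also loses a legitimate name, and a parameterised query handling both.

```python
import sqlite3

def make_db():
    """Build an in-memory SQLite database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "a-secret"), ("O'Brien", "o-secret"), ("bob", "b-secret")],
    )
    return db

def lookup_concat(db, name):
    """Unvalidated: the input is pasted into the SQL text and parsed as SQL."""
    sql = "SELECT secret FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_filtered(db, name):
    """Approach 1: check the input for dangerous values (here, strip quotes)."""
    cleaned = name.replace("'", "")
    sql = "SELECT secret FROM users WHERE name = '" + cleaned + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_param(db, name):
    """Approach 2: restrict how the input is used; it is bound as data only."""
    sql = "SELECT secret FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input that closes the string literal
    print("concat,   crafted:", lookup_concat(db, crafted))    # every row
    print("filtered, crafted:", lookup_filtered(db, crafted))  # no rows
    print("filtered, O'Brien:", lookup_filtered(db, "O'Brien"))  # no rows: wrong
    print("param,    crafted:", lookup_param(db, crafted))     # no rows
    print("param,    O'Brien:", lookup_param(db, "O'Brien"))   # correct row
```
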
This article is from the free online

Secure Android App Development
