[{"data":1,"prerenderedAt":378},["ShallowReactive",2],{"blog-prompts/database-input-validation":3},{"id":4,"title":5,"body":6,"category":357,"date":358,"dateModified":359,"description":360,"draft":361,"extension":362,"faq":363,"featured":361,"headerVariant":364,"image":363,"keywords":363,"meta":365,"navigation":366,"ogDescription":367,"ogTitle":363,"path":368,"readTime":363,"schemaOrg":369,"schemaType":370,"seo":371,"sitemap":372,"stem":373,"tags":374,"twitterCard":376,"__hash__":377},"blog/blog/prompts/database-input-validation.md","Database Input Validation with AI Prompts",{"type":7,"value":8,"toc":347},"minimark",[9,16,21,24,85,89,92,145,149,152,204,214,218,221,268,277,293,297,300,321,335],[10,11,12],"tldr",{},[13,14,15],"p",{},"Validation is defense in depth. Even with parameterized queries, you should validate input types, lengths, and formats before they reach your database. These prompts help you add validation layers using Zod, Joi, or custom validators.",[17,18,20],"h2",{"id":19},"schema-validation-with-zod","Schema Validation with Zod",[13,22,23],{},"Copy this prompt to generate Zod validation schemas that match your database tables. 
Your AI will create insert schemas (all required fields), update schemas (all optional), and query/filter schemas with proper error messages for each field constraint.",[25,26,28,31,34,37,50,53,67,70,82],"prompt-box",{"title":27},"Zod Schema Validation",[13,29,30],{},"Create Zod schemas to validate input before database operations.",[13,32,33],{},"For these database tables, create validation schemas:",[13,35,36],{},"Table: users",[38,39,40,44,47],"ul",{},[41,42,43],"li",{},"email: valid email, max 255 chars",[41,45,46],{},"username: alphanumeric, 3-30 chars",[41,48,49],{},"age: optional, integer 13-120",[13,51,52],{},"Table: posts",[38,54,55,58,61,64],{},[41,56,57],{},"title: string, 1-200 chars",[41,59,60],{},"content: string, max 50000 chars",[41,62,63],{},"status: enum (draft, published, archived)",[41,65,66],{},"tags: array of strings, max 10 items",[13,68,69],{},"Create:",[71,72,73,76,79],"ol",{},[41,74,75],{},"Insert schemas (all required fields)",[41,77,78],{},"Update schemas (all fields optional)",[41,80,81],{},"Query/filter schemas (for search params)",[13,83,84],{},"Include proper error messages for each validation.",[17,86,88],{"id":87},"type-coercion-and-sanitization","Type Coercion and Sanitization",[13,90,91],{},"Use this prompt to generate input sanitization helpers that safely coerce and clean data from URLs, JSON bodies, and form submissions. 
You'll get functions for type coercion, whitespace trimming, email normalization, HTML stripping, and date parsing.",[25,93,95,98,101,112,115,135,142],{"title":94},"Input Sanitization",[13,96,97],{},"Add input sanitization for database operations.",[13,99,100],{},"Input sources:",[38,102,103,106,109],{},[41,104,105],{},"URL parameters (always strings)",[41,107,108],{},"JSON body (may have wrong types)",[41,110,111],{},"Form data (strings)",[13,113,114],{},"Create sanitization helpers that:",[71,116,117,120,123,126,129,132],{},[41,118,119],{},"Coerce string IDs to integers safely",[41,121,122],{},"Trim whitespace from strings",[41,124,125],{},"Normalize email to lowercase",[41,127,128],{},"Strip HTML/scripts from text fields",[41,130,131],{},"Parse dates from various formats",[41,133,134],{},"Handle null vs undefined vs empty string",[13,136,137,138],{},"Language: ",[139,140,141],"span",{},"TypeScript/JavaScript/Python",[13,143,144],{},"Return validation errors rather than throwing for invalid input.",[17,146,148],{"id":147},"query-parameter-validation","Query Parameter Validation",[13,150,151],{},"This prompt asks your AI to create reusable validation for database query parameters. 
You'll get middleware that validates pagination, whitelisted sort columns, date range filters, and search strings with sensible defaults for missing values.",[25,153,155,158,161,175,178,195,201],{"title":154},"Validate Query Params",[13,156,157],{},"Create validation for database query parameters.",[13,159,160],{},"Parameters to validate:",[71,162,163,166,169,172],{},[41,164,165],{},"Pagination: page (int >= 1), limit (int 1-100)",[41,167,168],{},"Sorting: orderBy (whitelist of columns), order (asc/desc)",[41,170,171],{},"Filtering: status, dateFrom, dateTo, search",[41,173,174],{},"IDs: must be valid format (UUID, integer, etc)",[13,176,177],{},"Requirements:",[38,179,180,183,186,189,192],{},[41,181,182],{},"Whitelist allowed orderBy columns",[41,184,185],{},"Validate date ranges make sense (from \u003C to)",[41,187,188],{},"Limit search string length",[41,190,191],{},"Set sensible defaults for missing params",[41,193,194],{},"Reject unexpected parameters",[13,196,197,198],{},"Framework: ",[139,199,200],{},"Express/Fastify/Next.js API routes",[13,202,203],{},"Create middleware or helper functions for reuse.",[205,206,207],"warning-box",{},[13,208,209,213],{},[210,211,212],"strong",{},"Validation isn't a replacement for parameterization:"," Always use parameterized queries even with validated input. Validation catches bad data early but doesn't prevent injection on its own.",[17,215,217],{"id":216},"database-constraint-validation","Database Constraint Validation",[13,219,220],{},"Paste this prompt to generate application-level validation that mirrors your database constraints. 
Your AI will create validators matching VARCHAR lengths, CHECK constraints, regex patterns, and foreign key references with user-friendly error messages instead of raw database errors.",[25,222,224,227,230,248,251,265],{"title":223},"Match DB Constraints",[13,225,226],{},"Create validation that matches my database constraints.",[13,228,229],{},"Database schema:",[38,231,232,235,242,245],{},[41,233,234],{},"users.email: VARCHAR(255) UNIQUE NOT NULL",[41,236,237,238,241],{},"users.username: VARCHAR(50) UNIQUE, regex ^",[139,239,240],{},"a-z0-9_","+$",[41,243,244],{},"posts.title: VARCHAR(200) NOT NULL",[41,246,247],{},"posts.author_id: FOREIGN KEY to users.id",[13,249,250],{},"Create validation that:",[71,252,253,256,259,262],{},[41,254,255],{},"Enforces the same length limits as VARCHAR",[41,257,258],{},"Matches CHECK constraints and regex patterns",[41,260,261],{},"Pre-validates foreign key IDs exist (optional)",[41,263,264],{},"Returns friendly error messages, not DB errors",[13,266,267],{},"Bonus: Generate validation from Prisma/Drizzle schema if available.",[269,270,271],"tip-box",{},[13,272,273,276],{},[210,274,275],{},"Pro tip:"," Validate at the API boundary, not deep in your code. Catch bad input early in your request handlers before it propagates through your application.",[278,279,280,287],"faq-section",{},[281,282,284],"faq-item",{"question":283},"Should I validate on the frontend and backend?",[13,285,286],{},"Yes. Frontend validation improves UX with instant feedback. Backend validation is required for security since frontend validation can be bypassed.",[281,288,290],{"question":289},"How do I handle validation for optional fields?",[13,291,292],{},"Use .optional() or .nullable() in your schema. Distinguish between a field being absent, null, and an empty string based on your requirements.",[17,294,296],{"id":295},"further-reading","Further Reading",[13,298,299],{},"Want to understand the vulnerability before fixing it? 
These guides explain what's happening and why.",[38,301,302,309,315],{},[41,303,304],{},[305,306,308],"a",{"href":307},"/blog/how-to/validate-user-input","Input validation guide",[41,310,311],{},[305,312,314],{"href":313},"/blog/vulnerabilities/sql-injection","SQL injection prevention",[41,316,317],{},[305,318,320],{"href":319},"/blog/vulnerabilities/exposed-api-keys","Understanding exposed API keys",[322,323,324,330],"related-articles",{},[325,326],"related-card",{"description":327,"href":328,"title":329},"Prevent SQL injection","/blog/prompts/parameterize-queries","Parameterize Queries",[325,331],{"description":332,"href":333,"title":334},"Find and fix vulnerabilities","/blog/prompts/fix-sql-injection","Fix SQL Injection",[336,337,340,344],"cta-box",{"href":338,"label":339},"/","Start Free Scan",[17,341,343],{"id":342},"scan-for-missing-validation","Scan for Missing Validation",[13,345,346],{},"Find database operations that lack proper input validation.",{"title":348,"searchDepth":349,"depth":349,"links":350},"",2,[351,352,353,354,355,356],{"id":19,"depth":349,"text":20},{"id":87,"depth":349,"text":88},{"id":147,"depth":349,"text":148},{"id":216,"depth":349,"text":217},{"id":295,"depth":349,"text":296},{"id":342,"depth":349,"text":343},"prompts","2026-02-17","2026-03-06","AI prompts for validating user input before database queries. Sanitize, validate types, and enforce constraints to protect your database from bad data.",false,"md",null,"cyan",{},true,"AI prompts for validating input before it reaches your database.","/blog/prompts/database-input-validation","[object Object]","BlogPosting",{"title":5,"description":360},{"loc":368},"blog/prompts/database-input-validation",[375],"Database","summary_large_image","Fkp4d2c9XdtYAY4HMPBdghuFc6WqCPHFB1BQF55QgsA",1775843938609]