Data Validation Rules Prompt

Validation that returns only the first error forces users to submit a form multiple times to fix all issues. This prompt generates a collect-all-errors validator that surfaces every problem at once, along with human-readable messages rather than technical codes. The sanitisation step (trimming whitespace, normalising unicode) prevents a class of bugs where visually identical inputs produce different results.

Prompt Template
You are a senior software engineer specialising in data integrity and input validation.

Create comprehensive validation rules for the following data:

Data entity: {{entity}}
Fields to validate:
{{fields}}

Validation framework: {{framework}}
Language: {{language}}
Business rules: {{business_rules}}

For each field, generate:
1. **Type validation** — correct data type check
2. **Format validation** — regex or format check where applicable
3. **Range/length validation** — min/max bounds
4. **Business rule validation** — domain-specific constraints
5. **Sanitisation** — how to clean the input before validation

Also provide:
- A clear, user-friendly error message for each validation failure
- A function that validates the entire entity at once and returns all errors (not just the first)
- Unit tests covering valid data, each type of invalid data, and edge cases

Variables

{{entity}}: The data entity to validate, e.g., "user registration form", "payment request", "product listing"
{{fields}}: List of fields with descriptions, e.g., "email (required), age (18-120), phone (UK format)"
{{framework}}: Validation library: zod, yup, joi, pydantic, javax.validation, or "write from scratch"
{{language}}: Programming language
{{business_rules}}: Domain constraints, e.g., "start_date must be before end_date", "discount cannot exceed order total", or "None"

Example

Input
entity: user registration
fields:
- email (required, valid email format)
- password (required, min 8 chars, at least one number and one uppercase)
- age (optional, integer 13-120)
- username (required, 3-20 chars, alphanumeric and underscores only)
framework: zod
language: TypeScript
business_rules: username must not be a reserved word (admin, root, system)
Output
import { z } from 'zod';

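// Reserved usernames from the business rules; compared case-insensitively below.
const RESERVED = new Set(['admin', 'root', 'system']);

// Schema for the user registration entity.
const UserSchema = z.object({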
  email: z.string().email('Please enter a valid email address'),
  password: z.string()
    .min(8, 'Password must be at least 8 characters')
    .regex(/[A-Z]/, 'Password must contain at least one uppercase letter')
    .regex(/[0-9]/, 'Password must contain at least one number'),
  age: z.number().int().min(13).max(120).optional(),
  username: z.string()
    .min(3).max(20)
    .regex(/^[a-zA-Z0-9_]+$/, 'Username may only contain letters, numbers, and underscores')
    .refine(v => !RESERVED.has(v.toLowerCase()), 'That username is reserved'),
});

FAQ

Should I validate on the client, server, or both?
Always validate on the server — client-side validation can be bypassed. Client-side validation is a UX enhancement that provides fast feedback. Never trust client-side validation alone.
How do I handle international input like phone numbers and postcodes?
For phone numbers, use the libphonenumber library, which handles all international formats. For postcodes, validate per country — specify the target countries in business_rules and the AI will generate country-specific patterns.
What is the difference between validation and sanitisation?
Validation checks if data conforms to rules (returns errors). Sanitisation modifies data to make it conform (trims whitespace, normalises unicode, encodes HTML entities). Always sanitise before validating, and validate before processing.
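
The sanitise-then-validate order and the collect-all-errors function described above, written from scratch in TypeScript as an added example (it is not the prompt's output and does not use zod). The names sanitise and validateUser, the simplified email pattern, and the choice to leave the password unsanitised are assumptions of this sketch.

```typescript
// Added example: sanitise first, then collect every error per field.
// Field rules follow the page's user registration example; names are assumptions.
type RawUser = { email?: unknown; password?: unknown; age?: unknown; username?: unknown };
type FieldErrors = Record<string, string[]>;
const RESERVED = new Set(['admin', 'root', 'system']);

// Trim and apply NFKC so visually identical inputs compare equal:
// fullwidth U+FF41 U+FF44 U+FF4D U+FF49 U+FF4E becomes ASCII "admin".
function sanitise(value: unknown): unknown {
  return typeof value === 'string' ? value.normalize('NFKC').trim() : value;
}

function validateUser(raw: RawUser): { ok: boolean; errors: FieldErrors } {
  const errors: FieldErrors = {};
  const add = (field: string, msg: string): void => {
    errors[field] = [...(errors[field] ?? []), msg];
  };

  const email = sanitise(raw.email);
  if (typeof email !== 'string' || email === '') add('email', 'Email is required');
  else if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) add('email', 'Please enter a valid email address');

  const password = raw.password; // checked as typed (a choice made for this example)
  if (typeof password !== 'string' || password === '') add('password', 'Password is required');
  else {
    if (password.length < 8) add('password', 'Password must be at least 8 characters');
    if (!/[A-Z]/.test(password)) add('password', 'Password must contain at least one uppercase letter');
    if (!/[0-9]/.test(password)) add('password', 'Password must contain at least one number');
  }

  const age = raw.age; // optional field: undefined is valid
  if (age !== undefined && (typeof age !== 'number' || !Number.isInteger(age) || age < 13 || age > 120))
    add('age', 'Age must be a whole number between 13 and 120');

  const username = sanitise(raw.username);
  if (typeof username !== 'string' || username === '') add('username', 'Username is required');
  else {
    if (username.length < 3 || username.length > 20) add('username', 'Username must be 3 to 20 characters');
    if (!/^[a-zA-Z0-9_]+$/.test(username)) add('username', 'Username may only contain letters, numbers, and underscores');
    if (RESERVED.has(username.toLowerCase())) add('username', 'That username is reserved');
  }

  return { ok: Object.keys(errors).length === 0, errors };
}

// Constructed sample input: every field is wrong, and the username is a
// padded, fullwidth spelling of a reserved word.
const SAMPLE_BAD: RawUser = {
  email: ' not-an-email ', password: 'short', age: 12.5, username: ' \uFF41\uFF44\uFF4D\uFF49\uFF4E ',
};
```

Calling validateUser(SAMPLE_BAD) reports all four fields in one pass, and the reserved-word check fires only because the username is normalised before it is compared.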