What is input validation and why is it important for security?

• A. It is a method for handling user authentication protocols.
• B. It ensures output formatting is consistent.
• C. Checking user input to ensure it meets required rules and to prevent security risks like SQL injection.
• D. It only validates data after it has been stored.

Answer: (C)

Input validation is the process of checking what a user submits before the system uses it, making sure the data matches expected type, length, format, and content. This catches unexpected or dangerous input early so it can’t cause errors or be misused.

For security, validating input is crucial because many attacks rely on crafted input that exploits assumptions in code or queries. By checking input and using safe handling methods—such as whitelisting allowed formats, enforcing size limits, and using prepared statements or proper escaping—you prevent harmful data from altering program behavior or executing unintended commands. This helps protect against injections, cross-site scripting, and other exploits, while also maintaining data integrity and stability.

Other options describe different concepts: authentication protocols focus on verifying who a user is, output formatting concerns how results look, and validating data after storage misses the opportunity to stop problems at the input stage.