I learned early on to NEVER trust user-input. I ALWAYS either run it through a case-switch, a regex to strip-and-limit characters, force its type into an integer or whatever I’m expecting it to be.
But my code was getting cluttered, even down into the little tiny functions, with my constant paranoia about malicious values being passed.
I’m starting to feel like I have padlocks on my silverware drawer, instead of just strong locks on the outside, and comfort and cleanliness inside.
So where do you more experienced programmers choose to clean the user-input? Any advantages or disadvantages you’ve found from doing it a certain way?
A single user-interface class where ALL incoming data is cleaned and verified before being allowed through? Then stop the paranoia on the inside?
Or is it still wise to stay paranoid and distrust input at all levels?
Please share your experiences or advice, here: