Input Validation Prompts

Add input validation to my form. I want to check user data before accepting it.

Framework: [Express, Flask, Django, FastAPI, React, Vue, etc.]
Validation library: [Zod, Yup, Pydantic, Joi, or suggest one]

My form has these fields:
- [email, password, username, age, phone, etc.]

For each field:
1. What rules should it follow (required, format, length)
2. Clear error messages users will understand
3. Show validation both on the frontend (immediate feedback) AND backend (security)

I'm learning, so explain why each validation rule matters and what could go wrong without it.

Add input sanitization to protect my app from malicious data.

Framework: [Express, Flask, Django, FastAPI, etc.]

I need to sanitize:
- Text that will be displayed on pages (prevent XSS)
- Data that will go into database queries (prevent SQL injection)
- File names from user uploads
- URLs from user input

For each type:
1. What dangerous characters or patterns to remove/escape
2. The specific function or library to use
3. Where in my code to add the sanitization

Explain the attacks each sanitization prevents. I want to understand why this matters, not just copy code.

Create validation for my API endpoints. I want to reject bad requests before they hit my business logic.

Framework: [Express, FastAPI, Django REST, etc.]
Validation library: [Zod, Pydantic, Marshmallow, Joi, or suggest one]

Validate these endpoints:
[POST /users - create user with email, password, name]
[PUT /users/:id - update user profile]
[POST /orders - create order with items array, shipping address]

For each endpoint:
1. Define a validation schema (types, required fields, formats)
2. Return clear error responses with field-level messages
3. Strip unknown fields to prevent mass assignment
4. Handle missing vs invalid vs malformed data differently

Show me how to reuse validation schemas across endpoints. I'm learning, so explain each validation choice.

I have some validation code but I don't fully understand what it's doing. Please explain it to me.

Here's my validation code:
[paste your validation code here]

Please explain:
1. What fields does this validate?
2. What rules does each field have? (explain in plain English)
3. Are there any security vulnerabilities or missing checks?
4. What error messages will users see?
5. Is validation happening on frontend, backend, or both?

Suggest improvements if you see:
- Missing sanitization
- Rules that are too strict or too loose
- Error messages that confuse users
- Security gaps

I'm learning, so explain like I'm new to validation.