If an error occurs and a stream is set to anything other than goodbit, further stream operations on that stream will be ignored.

This condition can be cleared by calling the clear() function.

Although it is relatively rare for a violation of this recommendation to result in a security vulnerability, it can easily result in lost or misinterpreted data.

I'm writing a trivia game program that gives a menu of options. Since you are using single digits I would think about switching to char as mentioned above to give you better control.

Input validation is performed to ensure only properly formed data is entering the workflow in an information system, preventing malformed data from persisting in the database and triggering malfunction of various downstream components.

Input validation should happen as early as possible in the data flow, preferably as soon as the data is received from the external party.

Data from all potentially untrusted sources should be subject to input validation, including not only Internet-facing web clients but also backend feeds over extranets, from suppliers, partners, vendors or regulators[1], each of which may be compromised on their own and start sending malformed data.

Input Validation should not be used as the primary method of preventing XSS, SQL Injection and other attacks which are covered in respective cheat sheets but can significantly contribute to reducing their impact if implemented properly.

Input validation should be applied on both syntactical and semantic level.

Syntactic validation should enforce correct syntax of structured fields (e.g.

With string validation, we accept all user input as a string, and then accept or reject that string depending on whether it is formatted appropriately.

For example, if we ask the user to enter a telephone number, we may want to ensure the data they enter has ten digits.

SSN, date, currency symbol) while semantic validation should enforce correctness of their values in the specific business context (e.g.