Comment Re:Because ... crowd source? (Score 3, Interesting) 37
It seems kind of dumb to on the one hand think you'll get everyone to help populate your data for free, and on the other hand that you'll get perfectly valid data in all cases.
I consider this Rule #1 in any kind of development project: Never trust the user's input.
It doesn't matter if you told the user to select 1 to 10 and gave them a drop down box to choose the appropriate number. Don't trust that only numbers from 1 to 10 will be coming to your application. Check to make sure that the input is indeed a number and not "1; Delete from Users". Make sure that the number is within your 1 - 10 integer boundaries and not -1, 13, or 3.14159265. Only once the input has been fully vetted/sanitized should it be used.
Obviously, things get more complicated when you get up to Map Maker levels of complexity. You can't simply run IsNewDataValid(x). However, this is where you should have someone review the data for any obvious issues. It won't remove all abuses (people might sneak in graffiti using many small, innocuous-looking updates instead of one big one), but it can help stop major abuses. It also can slow down approvals of user data, but sometimes slow posting of data is preferable to letting everything through and then looking foolish when someone posts something inappropriate.
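The 1-to-10 check described in the comment above, as an added example that is not part of the original comment: the raw string is matched against an allow-list pattern, range-checked, and only then stored through a parameterized query. The function names, table schema, and sample inputs are assumptions constructed for illustration.

```python
import re
import sqlite3

# Constructed sample inputs: the values named in the comment plus a few edge cases.
SAMPLES = ["7", "1; Delete from Users", "-1", "13", "3.14159265", " 5", "٣", "010", ""]

# ASCII digits only: no sign, no whitespace, no decimal point, no Unicode digits.
_RATING = re.compile(r"[0-9]{1,2}")

def parse_rating(raw):
    """Return an int in 1..10 or raise ValueError. Reject, never 'repair'."""
    if not isinstance(raw, str) or not _RATING.fullmatch(raw):
        raise ValueError("not a plain integer")
    value = int(raw)
    if not 1 <= value <= 10:
        raise ValueError("out of range 1-10")
    return value

def save_rating(db, user_id, raw):
    """Validate first, then store with bound parameters (hypothetical schema)."""
    rating = parse_rating(raw)
    db.execute("INSERT INTO ratings (user_id, rating) VALUES (?, ?)", (user_id, rating))
    return rating

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (id INTEGER PRIMARY KEY, name TEXT)")
    # The CHECK constraint is a second line of defence behind the application check.
    db.execute("CREATE TABLE ratings (user_id INTEGER, "
               "rating INTEGER CHECK (rating BETWEEN 1 AND 10))")
    db.execute("INSERT INTO Users (name) VALUES ('alice')")
    accepted, rejected = [], []
    for raw in SAMPLES:
        try:
            accepted.append(save_rating(db, 1, raw))
        except ValueError as exc:
            rejected.append((raw, str(exc)))
    users_left = db.execute("SELECT COUNT(*) FROM Users").fetchone()[0]
    stored = [row[0] for row in db.execute("SELECT rating FROM ratings")]
    return accepted, rejected, users_left, stored

if __name__ == "__main__":
    print(demo())
```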