Input validation: JSON and input validation frameworks

Input validation for JSON is even harder than for XML, because schemas for it are only now being standardized. For example, you can play with a JSON schema generator. This lack of a standard for JSON schemas means that automatic JSON validation is extremely rare in practice. Even when this changes, the same comments about schemas and business rules from XML apply to JSON: the schema must be properly used, and a schema can rarely be used to validate business rules.

For Java, you can use Francis Galiegue's json-schema-validator or the JSON tools com.sdicons.json.validator. For C#, you can use the Json.NET JsonSchema and JsonValidatingReader classes. For C++, you might look at the Avro library or the one that is part of the Chromium project. JavaScript is not one of the languages for this book, but there you can use dojox.json.schema.

With JSON, you also have to be aware of the possibility of injection attacks; I will cover these in more detail in an upcoming blog post.

Just like with XML, if you are not using a schema to validate the data, YOU must be doing all of the validation.
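To make the two layers concrete, here is an added example (not from this post or any of the libraries named above) in JavaScript: a deliberately small checker for a subset of JSON Schema keywords (type, required, properties, additionalProperties, minimum, pattern), followed by a hand-written business-rule check that no schema can express. The funds-transfer message format, account numbers and ledger are all constructed for the example.

```javascript
// Constructed example, not the post's code: a small JSON Schema subset checker,
// then the business rules (same account, unknown account, balance) a schema cannot state.
function validateSchema(value, schema, path = "$") {
  const errors = [];
  const kind = Array.isArray(value) ? "array" : value === null ? "null" : typeof value;
  if (schema.type && schema.type !== kind) {
    return [`${path}: expected ${schema.type}, got ${kind}`]; // nested checks would be meaningless
  }
  if (kind === "object") {
    for (const key of schema.required || []) {
      // hasOwnProperty rather than `in`, so inherited names like "constructor" do not count
      if (!Object.prototype.hasOwnProperty.call(value, key)) errors.push(`${path}.${key}: required property missing`);
    }
    for (const [key, sub] of Object.entries(value)) {
      const subSchema = (schema.properties || {})[key];
      if (subSchema) errors.push(...validateSchema(sub, subSchema, `${path}.${key}`));
      else if (schema.additionalProperties === false) errors.push(`${path}.${key}: property not allowed`);
    }
  }
  if (kind === "number" && schema.minimum !== undefined && value < schema.minimum) errors.push(`${path}: ${value} is below minimum ${schema.minimum}`);
  if (kind === "string" && schema.pattern && !new RegExp(schema.pattern).test(value)) errors.push(`${path}: does not match ${schema.pattern}`);
  return errors;
}

// Schema for a hypothetical funds-transfer request (assumed message format).
const transferSchema = {
  type: "object",
  required: ["from", "to", "amount"],
  additionalProperties: false,
  properties: {
    from: { type: "string", pattern: "^ACC-[0-9]{6}$" },
    to: { type: "string", pattern: "^ACC-[0-9]{6}$" },
    amount: { type: "number", minimum: 0.01 },
  },
};

// Structure first; only when that passes do the business rules run on trusted-shape data.
function validateTransfer(rawJson, balances) {
  let req;
  try { req = JSON.parse(rawJson); } catch (e) { return ["malformed JSON"]; }
  const errors = validateSchema(req, transferSchema);
  if (errors.length) return errors;
  if (req.from === req.to) errors.push("from and to must differ");
  if (!Object.prototype.hasOwnProperty.call(balances, req.from)) errors.push("unknown source account");
  else if (balances[req.from] < req.amount) errors.push("insufficient funds");
  return errors;
}

const balances = { "ACC-000001": 100, "ACC-000002": 5 }; // constructed sample ledger
```

Note that every business-rule failure above would pass the schema unchanged, which is exactly why the schema check alone is not "all of the validation".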

Published by

Kenneth Ingham

Kenneth has been working with security since the early 1980s. He was a system administrator when the Morris Worm was released, and one of his work areas was helping secure the systems. Since then, Kenneth has studied network and computer security, and spent many, many hours looking at how software fails. With knowledge about failures, he can help you produce software that is less likely to suffer a security breach. Kenneth has a Ph.D. in Computer Science, and his research topic was on computer security. Kenneth has helped developers creating systems for financial services institutions, telecommunications companies, and embedded system and process control.
