ToolKit
Developer ToolsMay 18, 2026

Generating Test Data: A Practical Guide for Developers

How to create realistic test data for unit tests, integration tests, and staging environments — covering data types, edge cases, boundary values, and the tools that automate generation.

Olivia Bennett
Olivia Bennett · Full-stack Developer
Full-stack developer focused on developer tooling and web performance. Writes about the formats, patterns, and shortcuts devs reach for every day.
testingqatest datafake datafixtures

Why Test Data Quality Matters

The most common testing failure is not catching a bug before it reaches production — it is testing with data that is too clean, too regular, and too predictable to expose real problems. If your tests only use test@example.com and John Doe, you will never discover that your email validation rejects RFC-valid addresses with plus signs, that your name field breaks on apostrophes, or that your form submission endpoint does not handle 10,000-character inputs.

Good test data is diverse, realistic, and deliberately adversarial. This guide covers how to generate it systematically for different testing contexts.

The Four Types of Test Data You Need

1. Valid representative data

Data that correctly represents what real users submit. Should use realistic formats, realistic lengths, and realistic value distributions.

  • Email addresses with real domains (not just test@example.com)
  • Phone numbers in actual formats (+1 (415) 555-0123, +44 20 7946 0958)
  • Names with non-ASCII characters (José García, Müller-Schmidt, 山田太郎)
  • Dates spread across past and future
  • Prices with correct decimal precision

2. Boundary values

Values at the edges of what your system accepts. Most bugs live at boundaries.

  • Empty strings — the most commonly missed case
  • Single character — tests minimum field requirements
  • Maximum field length — exact boundary (255 chars), just over (256), and far over (10,000)
  • Zero, negative, and very large numbers — for numeric fields
  • First and last valid dates — for date pickers and range queries
  • Minimum and maximum allowed values — for range validators

3. Invalid format data

Data with the wrong structure that your validation layer should reject.

  • Email missing @ or domain
  • Phone with letters
  • Date out of range (February 30, month 13)
  • Number with non-numeric characters
  • JSON with syntax errors
  • HTML/XML that isn't well-formed

4. Adversarial payloads

Inputs deliberately crafted to break or exploit your system. Every form field that accepts user input should be tested with:

  • XSS payloads: <script>alert(1)</script>, "><img src=x onerror=alert(1)>
  • SQL injection: '; DROP TABLE users; --, 1 OR 1=1
  • Path traversal: ../../etc/passwd, ..\windows\system32
  • Format string attacks: %s%s%s%s%s
  • Null bytes: value\x00trailing
  • Unicode edge cases: right-to-left characters, zero-width spaces, emoji sequences

Generating Realistic Mock Data

For development environments, staging databases, and demo setups, you need bulk data that looks real enough to test with visually and functionally.

The Mock Data Generator generates realistic fake data across 23 field types:

  • Personal: name, first name, last name, email, phone, username
  • Address: street address, city, state/province, country, ZIP/postal code
  • Business: company name, job title, department
  • Tech: UUID, IP address, URL, hex color
  • Financial: credit card number (test data only), price
  • Temporal: date, timestamp

Generate 1–1,000 rows and export as JSON or CSV. JSON is useful for seeding Node.js/Python services; CSV imports directly into databases and spreadsheets.

For database seeding: Export 1,000 rows to CSV and import with your database's bulk load tool:

# PostgreSQL
\COPY users(name, email, phone) FROM 'mock_users.csv' DELIMITER ',' CSV HEADER;

# MySQL
LOAD DATA INFILE '/path/to/mock_users.csv' INTO TABLE users
FIELDS TERMINATED BY ','
LINES TERMINATED BY '\n'
IGNORE 1 ROWS;

# SQLite
.mode csv
.import mock_users.csv users

Generating Test Cases for Form Validation

Validating that your forms handle bad input correctly requires systematically generating every edge case category for every field type.

The Form Test Data Generator takes a field description and generates 12 test case categories automatically:

Category Description
Valid Correct format, representative value
Invalid format Wrong structure (email without @, phone with letters)
Boundary minimum Shortest accepted value
Boundary maximum Longest accepted value
Below minimum One character/unit shorter than the minimum
Above maximum One character/unit longer than the maximum
Empty Empty string
Special characters Quotes, ampersands, angle brackets, backslashes
XSS payload Cross-site scripting injection attempt
SQL injection SQL injection attempt
Oversized 10,000-character string
Unicode Non-ASCII characters, emoji, right-to-left text

Export the generated test cases as CSV, JSON, or Markdown. The Markdown format works well for test documentation or pasting into a Jira/Linear ticket. The JSON format can be used directly as input data in Cypress, Playwright, or Jest parameterized tests.

Example Cypress data-driven test using exported JSON:

const emailTestCases = require('./test-data/email-fields.json');

emailTestCases.forEach(({ category, value, expectation }) => {
    it(`email field: ${category}`, () => {
        cy.visit('/register');
        cy.get('[name=email]').type(value || ' ');
        cy.get('[type=submit]').click();
        
        if (expectation === 'valid') {
            cy.url().should('not.include', '/register');
        } else {
            cy.get('.error-message').should('be.visible');
        }
    });
});

Unique Identifiers in Test Data

Test records need identifiers that are unique across test runs, stable within a run, and non-colliding with production data. The standard approach is UUIDs.

The UUID Generator generates cryptographically random UUID v4 values. For seeding test databases, generate a batch of UUIDs and reference them in related tables:

// JavaScript — generating test fixtures with deterministic UUIDs
// Use UUID v5 (name-based) for reproducible test IDs
import { v5 as uuidv5 } from 'uuid';

const NAMESPACE = '6ba7b810-9dad-11d1-80b4-00c04fd430c8'; // URL namespace

const testUsers = [
    { id: uuidv5('user:alice@test.com', NAMESPACE), email: 'alice@test.com' },
    { id: uuidv5('user:bob@test.com', NAMESPACE),   email: 'bob@test.com' },
];
// Same email always produces the same UUID — tests are reproducible

For factories in unit tests, popular libraries handle UUID generation automatically:

  • JavaScript: faker.js (with faker.string.uuid())
  • Python: factory_boy (with factory.LazyFunction(uuid.uuid4))
  • Ruby: FactoryBot (with SecureRandom.uuid)

Data for Different Testing Contexts

Unit tests

Unit tests should use minimal, hardcoded data that makes the test intention obvious. Do not generate random data in unit tests — non-deterministic inputs make failures hard to reproduce.

# Good: specific, self-documenting test data
def test_email_validation_rejects_missing_at():
    assert is_valid_email("notanemail.com") == False

# Avoid: random data in unit tests
def test_email_validation():
    random_email = fake.email()  # Could pass or fail unpredictably
    assert is_valid_email(random_email) == True

Integration and end-to-end tests

Integration tests benefit from realistic data that exercises the full stack. A few approaches:

Database fixtures: Pre-written SQL or JSON files that insert a known set of records before each test run. Fast, reproducible, but require maintenance when schema changes.

Factory functions: Code that generates records with sensible defaults and lets individual tests override specific fields. More maintainable than raw fixtures.

Seeded random data: Use a deterministic random seed so the same test run always produces the same data. faker.seed(12345) in faker.js makes random data reproducible.

Load and performance tests

Load tests need large volumes of data that stress database indexes, cache invalidation, and connection pool limits. Generate 100,000+ rows of realistic data and pre-load them into the test database before running k6, Locust, or JMeter.

The Mock Data Generator supports up to 1,000 rows per batch; for larger datasets, run the generation multiple times or use the exported CSV as a template for a database-level generation script.

Data Privacy in Testing

A common shortcut — copying production data to development or staging — creates significant legal and security risks. Under GDPR, CCPA, and most data protection regulations, personal data may only be used for the purpose it was collected for. Using production customer emails in development databases likely violates those purposes.

Use generated test data instead of anonymized production data where possible. If you need realistic data distributions (to test performance with production-scale data), anonymize by:

  • Replacing real names with generated names
  • Replacing real emails with {random}@example.com
  • Replacing real phone numbers with generated numbers in the same format
  • Replacing real addresses with generated addresses in the same region

Checklist: Test Data That Covers the Real World

Before shipping a feature, verify your test suite includes:

  • Valid data in expected format
  • Empty input for every field
  • Maximum length input
  • Input exceeding maximum length
  • Non-ASCII characters (accented letters, CJK, emoji)
  • Special characters (<, >, &, ", ', ;, --)
  • At least one XSS payload
  • At least one SQL injection string
  • Null / undefined values where applicable
  • Realistic volume (if testing a list, include 0, 1, and 1000+ items)
  • Numeric edge cases (0, negative, very large, decimal precision)
  • Date edge cases (far past, far future, leap day, timezone boundaries)

The Form Test Data Generator covers the majority of this checklist automatically for any field you describe.

← All guides