Comment On Email Hyper-Validation

"The quickest way to advance around here is to get some project management experience under your belt!" was the advice Andrew's boss handed out along with an assignment to work with the offshore group. [expand full text]
« PrevPage 1 | Page 2 | Page 3Next »

Re: Email Hyper-Validation

2013-08-12 06:34 • by idisjunction
Making the frist post is also an agreed upon standard.

Re: Email Hyper-Validation

2013-08-12 06:35 • by henke37
But plussigns and ampserands are legal!

Re: Email Hyper-Validation

2013-08-12 06:36 • by Citron (unregistered)
The real WTF is "alphanumeric characters only". With all these possible e-mail-addresses out there, the only useful thing to do for e-mail validation is to check, if the ser may have misstyped his e-mail-address, by checking for '@' and '.'. Use an opt-in to check if the user has access to the address.

Re: Email Hyper-Validation

2013-08-12 06:39 • by Damien (unregistered)
Meh. It has errors too:

If Right(strEmail, 1) = "." Then
strReturn = "Email address cannot end with '.'"
GoTo ExitHandler

An email address can actually end with a '.'. Its a fully qualified domain name..

Re: Email Hyper-Validation

2013-08-12 06:39 • by Hannes (unregistered)
414822 in reply to 414818
Right or wrong, this is what they agreed to do to the presidents sick daughter. And let me assure you: It was no laughing matter!

Re: Email Hyper-Validation

2013-08-12 06:45 • by Warren (unregistered)
OK, so they should have had a return type of boolean and used exceptions for the errors....

Re: Email Hyper-Validation

2013-08-12 06:46 • by u (unregistered)
414824 in reply to 414820
Citron:
The real WTF is "alphanumeric characters only". With all these possible e-mail-addresses out there, the only useful thing to do for e-mail validation is to check, if the ser may have misstyped his e-mail-address, by checking for '@' and '.'. Use an opt-in to check if the user has access to the address.


It states "In following with agreed upon standards" - it is nowhere said that they are following _RFC_ standards.

Re: Email Hyper-Validation

2013-08-12 06:49 • by Grzechooo (unregistered)
Good that he didn't use a regular expression.

Re: Email Hyper-Validation

2013-08-12 06:50 • by ratchet freak (unregistered)
414826 in reply to 414824
u:
Citron:
The real WTF is "alphanumeric characters only". With all these possible e-mail-addresses out there, the only useful thing to do for e-mail validation is to check, if the ser may have misstyped his e-mail-address, by checking for '@' and '.'. Use an opt-in to check if the user has access to the address.


It states "In following with agreed upon standards" - it is nowhere said that they are following _RFC_ standards.


isn't TRWTF that Andrew didn't specify that the RFC standard should be followed

though I'm afraid of the code that would come out of that specification

Re: Email Hyper-Validation

2013-08-12 06:54 • by Tim B (unregistered)
414827 in reply to 414821
An email address can actually end with a '.'

Domain names can end with '.', but email addresses can't. See ttp://tools.ietf.org/html/rfc5321#section-4.1.2

Re: Email Hyper-Validation

2013-08-12 07:00 • by Hannes (unregistered)
414828 in reply to 414825
Grzechooo:
Good that he didn't use a regular expression.


Well, he had 99 problems once and used regular expressions. In the end, he had 100 problems.

http://xkcd.com/1171/

Also, I find it interesting that Akismet catches the url in the QUOTE and think it's spam...

Re: Email Hyper-Validation

2013-08-12 07:01 • by JimmyCrackedCorn (unregistered)
It would have been nice to have the routine aggregate all the validation errors so that they could be presented at once (up to a certain limit).

Re: Email Hyper-Validation

2013-08-12 07:01 • by Ian Eiloart (unregistered)
But, hey, the specs were screwed up anyway. There's no point having great programming style if you're being told to write nonsense. Almost every character is valid on the left hand side of an email address, if quoted. And the plus symbol in particular is widely used.

Re: Email Hyper-Validation

2013-08-12 07:04 • by QJo (unregistered)
Aha! I know this - TRWTF is using Goto! Do I win a prize?

Apart from that, all perfectly cromulent. Oh, apart from not leaving a neat space between the instances of the function names (Len, instr etc.) and their arguments.

Look how much better 'If InStr (strEmail, "@") = 0 Then' looks.

Re: Email Hyper-Validation

2013-08-12 07:09 • by QJo (unregistered)
But seriously folks, TRWTF is:

"Thank goodness he has his own coding experience to fall back upon."

A suboptimal approach. Better would be to communicate with the coder in question and explain in detail the shortcomings of the design used. Then the coder learns to code and the subject of this piece learns to delegate. Doing it himself is a complete waste of the effort taken to give him PM experience.

Re: Email Hyper-Validation

2013-08-12 07:22 • by csrster (unregistered)
The real WTF is surely not using the Composite pattern to aggregate multiple validation rules in a single rule. Then each individual rule can be ruthlessly and independently unit-tested. Plus you're able instantiate these generalised validation rules using an Abstract Factory Pattern and an appropriate dependency-injection framework. Here, let me show you some UML ...

Re: Email Hyper-Validation

2013-08-12 07:36 • by faoileag (unregistered)
414834 in reply to 414832
QJo:
But seriously folks, TRWTF is:

"Thank goodness he has his own coding experience to fall back upon."

A suboptimal approach. Better would be to communicate with the coder in question and explain in detail the shortcomings of the design used.

In a way even the completely wrong apporach - if taken into consideration that it is not his job to code the validity check, but to supervise the offshore team.

Re: Email Hyper-Validation

2013-08-12 07:38 • by faoileag (unregistered)
414835 in reply to 414833
csrster:
The real WTF is surely not using the Composite pattern to aggregate multiple validation rules in a single rule. Then each individual rule can be ruthlessly and independently unit-tested. Plus you're able instantiate these generalised validation rules using an Abstract Factory Pattern and an appropriate dependency-injection framework. Here, let me show you some UML ...

I'm missing the XML in your design. Without XML in it, it's definitely not enterprisey enough!

Re: Email Hyper-Validation

2013-08-12 07:39 • by Floobart (unregistered)
I don't know about all the characters and weird combinations he checks for, but I do know that email addresses can contain + (plus) " (quotes) and ( ) (parentheses)


CAPTCHA: immitto - post this immitto!

Re: Email Hyper-Validation

2013-08-12 07:43 • by faoileag (unregistered)
strReturn = "Email address cannot contain " & Chr(34)

Don't tell me Visual Basic has no other means to include a quote in string?

Re: Email Hyper-Validation

2013-08-12 07:48 • by wrojr (unregistered)
TRWTF is that code being wildly used, since so many forms don't accept the + and so on...

Re: Email Hyper-Validation

2013-08-12 07:49 • by Mattmon (unregistered)
If InStr(strEmail, "frist") > 0 Then
strReturn = "Email address cannot contain 'frist'"
GoTo ExitHandler
End If

Re: Email Hyper-Validation

2013-08-12 07:53 • by Christian (unregistered)
Hi,

and this is my all time favourite ....

> If InStr(1, strEmail, "+") > 0 Then
> strReturn = "Email address cannot contain '+'"
> GoTo ExitHandler
> End If


Why the hell shouldn't an email address contain a +. I use that all the time.

Greetings
Christian

Re: Email Hyper-Validation

2013-08-12 07:56 • by JimmyCrackedCorn (unregistered)
I know VB, but perhaps this would have been on the way to better:


Module VBModule

Sub Main()
Console.WriteLine(LibValidateEmail("test@test.com"))

End Sub


Module VBModule

Sub Main()
Console.WriteLine(LibValidateEmail("test@test.com") )
End Sub


Function LibValidateEmail(ByVal strEmail As String) As String
'
' Validate email address - if valid returns "".
'
Dim strReturn As String = ""

If Len(strEmail) < 7 Then
strReturn = MoreErrors(strReturn,"Please fill in full email address")
End If

If CharacterCount(strEmail, "@") <> 1 Then
strReturn = MoreErrors(strReturn, "Address must contain only one '@' character")
End If

If Left(strEmail, 1) = "@" Then
strReturn = MoreErrors(strReturn,"Email address cannot start with '@'")
End If
If Right(strEmail, 1) = "@" Then
strReturn = MoreErrors(strReturn,"Email address cannot end with '@'")
End If
If InStr(strEmail, ".@") > 0 Then
strReturn = MoreErrors(strReturn,"Email address cannot contain '.@'")
End If
If InStr(strEmail, "@.") > 0 Then
strReturn = MoreErrors(strReturn,"Email address cannot contain '@.'")
End If

If InStr(strEmail, "..") > 0 Then
strReturn = MoreErrors(strReturn,"Email address cannot contain '..'")
End If
If Left(strEmail, 1) = "." Then
strReturn = MoreErrors(strReturn,"Email address cannot start with '.'")
End If
If Right(strEmail, 1) = "." Then
strReturn = MoreErrors(strReturn,"Email address cannot end with '.'")
End If




If Not ValidateChars(strEmail) Then
MoreErrors(strReturn,"Email address cannot contain invalid characters")
End If

If Not ExcludeChars(strEmail) Then
MoreErrors(strReturn,"Email address cannot contain invalid characters")
End If


If InStr(strEmail, Chr(34)) > 0 Then
strReturn = MoreErrors(strReturn,"Email address cannot contain " & Chr(34))
End If


If InStr(strEmail, Chr(127)) > 0 Then
strReturn = MoreErrors(strReturn,"Email address cannot contain invalid characters")
End If

End Function

' Eliminate low end of ASCI range
Function ValidateChars(ByVal value As String) As Boolean
Dim errorFlag As Boolean = true
For Each c As Char In value
if Convert.toInt32(Convert.ToByte(c)) < 33
errorFlag = false
exit for
end if
Next
Return errorFlag
End Function

' Exclude specific characters
Function ExcludeChars(ByVal value As String) As Boolean
Dim okFlag As Boolean = true
Dim excludedChars As String = "!#$%&^*()+,/:;<=>?[\]`~{|}"

For Each c As Char In value
If InStr(excludedChars,c) > 0 Then
okFlag = false
exit for
end if
Next
Return okFlag
End Function

' Simple count of a specific character
Function CharacterCount(ByVal value As String, ByVal ch As Char) As Integer
Dim cnt As Integer = 0
For Each c As Char In value
If c = ch Then cnt += 1
Next
Return cnt
End Function

' Concatinate a string
Function MoreErrors(ByVal strError As String, ByVal strMore As String) As String
return strError & vbCrLf & strMore
End Function
End Module


' Let the flamage begin!

Re: Email Hyper-Validation

2013-08-12 07:59 • by faoileag (unregistered)
Looking at the article I can not help but to think that the code might have the odd bug regarding false negatives (as others have noticed before), but without knowledge of the documents Andrew sent to the offshore team, it does not represent a wtf per se.

Perhaps Andrew did not tell the offshore team that the string to test would come from a web form and would therefore be highly unlikely to contain bell characters etc?

Perhaps the return value was specified as "empty string if valid, error msg when not"? Then the developer would have had all the freedom to make the error message as verbose and specific as he wanted.

You get what you specify. Unclear specs and this is what you get. Clear specs that state "gimme precise error messages on all failures" and this is also what you get.

Give your spec like "Function must test a string for validity as email address against relevant RFC, and return TRUE if valid, FALSE if not" and you can run sample email addresses against the delivered function and complain if the sample email addresses give false positives or negatives.

But this being Andrew's first stab at being an offshore team lead, I wouldn't even count any bad specs on his side as a wtf. "Puppy license" applies to all new recruits. Ok, make that should apply ;-)

Re: Email Hyper-Validation

2013-08-12 08:02 • by faoileag (unregistered)
414843 in reply to 414841
JimmyCrackedCorn:
perhaps this would have been on the way to better:
(...endless lines of VB code excluded...)

You haven't heard of http://pastebin.com/ , have you?

Re: Email Hyper-Validation

2013-08-12 08:04 • by JimmyCrackedCorn (unregistered)
414844 in reply to 414843
faoileag:
JimmyCrackedCorn:
perhaps this would have been on the way to better:
(...endless lines of VB code excluded...)

You haven't heard of http://pastebin.com/ , have you?


I thought some hadn't.

Re: Email Hyper-Validation

2013-08-12 08:06 • by JimmyCrackedCorn (unregistered)
414845 in reply to 414844
JimmyCrackedCorn:
faoileag:
JimmyCrackedCorn:
perhaps this would have been on the way to better:
(...endless lines of VB code excluded...)

You haven't heard of http://pastebin.com/ , have you?


I thought some hadn't.


http://pastebin.com/TYX4Utax

Re: Email Hyper-Validation

2013-08-12 08:12 • by Don (unregistered)
414846 in reply to 414821
Damien:
Meh. It has errors too:

If Right(strEmail, 1) = "." Then
strReturn = "Email address cannot end with '.'"
GoTo ExitHandler

An email address can actually end with a '.'. Its a fully qualified domain name..

An FQDN cannot impose ambiguity, hence the name FULLY QUALIFIED in the definition. Ending or starting with a . creates ambiguity.

I think you mean DNS RESOLVERS don't care about the dot...

Re: Email Hyper-Validation

2013-08-12 08:17 • by pjt33
414847 in reply to 414842
faoileag:
Looking at the article I can not help but to think that the code might have the odd bug regarding false negatives (as others have noticed before), but without knowledge of the documents Andrew sent to the offshore team, it does not represent a wtf per se.

Regardless of the spec, any code which could be compressed by 90% with a loop or two is a WTF unless it's explicitly commented that the loop was unrolled with a significant impact on performance.

Re: Email Hyper-Validation

2013-08-12 08:19 • by Kuba
414848 in reply to 414820
Citron:
The real WTF is "alphanumeric characters only". With all these possible e-mail-addresses out there, the only useful thing to do for e-mail validation is to check, if the ser may have misstyped his e-mail-address, by checking for '@' and '.'. Use an opt-in to check if the user has access to the address.
I fucking don't get why on Earth one just won't point to the applicable RFCs and be done with it. Do we really have to paraphrase internet standards all the time? Don't people have better things to do? Writing "specs" for what is a valid email address is like writing "specs" as to how a valid TCP/IP connection should look on the wire. It's like going full retard and being proud of it.

Re: Email Hyper-Validation

2013-08-12 08:19 • by radarbob (unregistered)
414849 in reply to 414823
Warren:
OK, so they should have had a return type of boolean and used exceptions for the errors...


Aaaarrrrggghhhhhh...

Re: Email Hyper-Validation

2013-08-12 08:42 • by faoileag (unregistered)
414850 in reply to 414847
pjt33:
faoileag:
think that the code ... does not represent a wtf per se.

Regardless of the spec, any code which could be compressed by 90% with a loop or two is a WTF unless it's explicitly commented that the loop was unrolled with a significant impact on performance.

For a peer review, I would agree with you completely. However, this is code delivered by an offshore team. In an ideal world, you run your pre-written unit-tests against it and tell the offshore team which have failed if any fail. You do not look at the codebase itself, unless somewhere in your contract with the overseas company you have a clause that explicitly states that the code itself must also meet certain standards. Which is normally not the case. So who cares if they do the loop unrolling themselves? Let them. Perhaps they get paid by lines of code.

Re: Email Hyper-Validation

2013-08-12 08:56 • by Hannes (unregistered)
414851 in reply to 414846
Don:
Damien:
Meh. It has errors too:

If Right(strEmail, 1) = "." Then
strReturn = "Email address cannot end with '.'"
GoTo ExitHandler

An email address can actually end with a '.'. Its a fully qualified domain name..

An FQDN cannot impose ambiguity, hence the name FULLY QUALIFIED in the definition. Ending or starting with a . creates ambiguity.

I think you mean DNS RESOLVERS don't care about the dot...


DNS Resolvers DO care about the dot. If they wouldn't they couldn't resolve a URL like http://thedailywtf(dot)com(dot). But -surprise surprise- they do resolve it.

Re: Email Hyper-Validation

2013-08-12 09:13 • by Mike (unregistered)
This is why VB coders get a bad wrap. If your if statement doesn't get you all the way there just throw in another 100 or so for each possibility and you should be fine.

Re: Email Hyper-Validation

2013-08-12 09:21 • by iaoth (unregistered)
414853 in reply to 414852
bad rap*

Re: Email Hyper-Validation

2013-08-12 09:25 • by faoileag (unregistered)
bad rep.

Re: Email Hyper-Validation

2013-08-12 09:28 • by anon (unregistered)
414855 in reply to 414837
It does it is just ugly as sin especially when it is at the end of a string It would be something like.

strReturn = "Email address cannot contain """

Re: Email Hyper-Validation

2013-08-12 09:35 • by Dave (unregistered)
414856 in reply to 414848
Kuba:
I fucking don't get why on Earth one just won't point to the applicable RFCs and be done with it.


Start by looking at the relevant RFC and showing us how you'd code for it. We could use a laugh.

Re: Email Hyper-Validation

2013-08-12 09:47 • by English Man
414857 in reply to 414819
henke37:
But plussigns and ampserands are legal!
plus-signs are a great way to see who has leaked your email to marketing/spam lists but sadly are only accepted by 25-50% of sites in my experience.

Re: Email Hyper-Validation

2013-08-12 09:48 • by faoileag (unregistered)
414858 in reply to 414856
Dave:
Kuba:
I fucking don't get why on Earth one just won't point to the applicable RFCs and be done with it.


Start by looking at the relevant RFC and showing us how you'd code for it. We could use a laugh.

Grzechooo already did that further up in
Post 414825

Re: Email Hyper-Validation

2013-08-12 09:54 • by Cant remember my damn login (unregistered)
414859 in reply to 414823
no, no, no, no just NO!

A user incorrectly entering an email address is not exceptional

Re: Email Hyper-Validation

2013-08-12 09:56 • by Anonymoose (unregistered)
Sites that don't accept plus signs make me sad and usually turn me away.

Re: Email Hyper-Validation

2013-08-12 09:57 • by Abigo (unregistered)
414861 in reply to 414825
Grzechooo:
Good that he didn't use a regular expression.


I think I see it. It's a boat, right?

Re: Email Hyper-Validation

2013-08-12 10:14 • by user+suffix@emaildomain (unregistered)
Beyond the ludicrous use of if-then statements instead of a regex, here is another point:

The "+" character IS valid in the username part of an email address.

It would be nice if programmers doing email validation would actually READ the documentation regarding this.

RFC 2822 would be a good place to start.

www.ietf.org/rfc/rfc2822.txt

Re: Email Hyper-Validation

2013-08-12 10:22 • by anonymous (unregistered)
414863 in reply to 414827
Tim B:
An email address can actually end with a '.'

Domain names can end with '.', but email addresses can't. See ttp://tools.ietf.org/html/rfc5321#section-4.1.2
I tried typing that into my touch-tone phone, but the nice operator lady told me that it wasn't understood.

Re: Email Hyper-Validation

2013-08-12 10:24 • by faoileag (unregistered)
414864 in reply to 414862
user+suffix@emaildomain:
It would be nice if programmers doing email validation would actually READ the documentation regarding this.

RFC 2822 would be a good place to start.

RFC 2822 is not exactly an easy read. Personally, I find en.wikipedia.org/wiki/Email_address#Local_part much more appealing.

Re: Email Hyper-Validation

2013-08-12 10:32 • by jkupski (unregistered)
414865 in reply to 414851
Hannes:
DNS Resolvers DO care about the dot. If they wouldn't they couldn't resolve a URL like http://thedailywtf(dot)com(dot). But -surprise surprise- they do resolve it.

Actually, they do not, given that the above is a URL (as you yourself note) and not a domain name. The above is really a lot like misusing they're/their/there while being a grammar nazi.

Re: Email Hyper-Validation

2013-08-12 10:36 • by da Doctah

If InStr(strEmail, "..") > 0 Then
strReturn = "Email address cannot contain '..'"
GoTo ExitHandler

Wait. Why the hell can't Email address contain '..'?

Are you going to tell me that fred..smith@jones.com is invalid?

Re: Email Hyper-Validation

2013-08-12 10:40 • by Koch (unregistered)
414867 in reply to 414856
This ^
« PrevPage 1 | Page 2 | Page 3Next »

Add Comment