• idisjunction (cs)

    Making the frist post is also an agreed upon standard.

  • henke37 (cs)

    But plussigns and ampserands are legal!

  • Citron (unregistered)

    The real WTF is "alphanumeric characters only". With all these possible e-mail-addresses out there, the only useful thing to do for e-mail validation is to check, if the ser may have misstyped his e-mail-address, by checking for '@' and '.'. Use an opt-in to check if the user has access to the address.

  • Damien (unregistered)

    Meh. It has errors too:

    If Right(strEmail, 1) = "." Then strReturn = "Email address cannot end with '.'" GoTo ExitHandler

    An email address can actually end with a '.'. Its a fully qualified domain name..

  • Hannes (unregistered) in reply to idisjunction

    Right or wrong, this is what they agreed to do to the presidents sick daughter. And let me assure you: It was no laughing matter!

  • Warren (unregistered)

    OK, so they should have had a return type of boolean and used exceptions for the errors....

  • u (unregistered) in reply to Citron
    Citron:
    The real WTF is "alphanumeric characters only". With all these possible e-mail-addresses out there, the only useful thing to do for e-mail validation is to check, if the ser may have misstyped his e-mail-address, by checking for '@' and '.'. Use an opt-in to check if the user has access to the address.

    It states "In following with agreed upon standards" - it is nowhere said that they are following RFC standards.

  • Grzechooo (unregistered)

    Good that he didn't use a regular expression.

  • ratchet freak (unregistered) in reply to u
    u:
    Citron:
    The real WTF is "alphanumeric characters only". With all these possible e-mail-addresses out there, the only useful thing to do for e-mail validation is to check, if the ser may have misstyped his e-mail-address, by checking for '@' and '.'. Use an opt-in to check if the user has access to the address.

    It states "In following with agreed upon standards" - it is nowhere said that they are following RFC standards.

    isn't TRWTF that Andrew didn't specify that the RFC standard should be followed

    though I'm afraid of the code that would come out of that specification

  • Tim B (unregistered) in reply to Damien
    An email address can actually end with a '.'
    Domain names can end with '.', but email addresses can't. See ttp://tools.ietf.org/html/rfc5321#section-4.1.2
  • Hannes (unregistered) in reply to Grzechooo
    Grzechooo:
    Good that he didn't use a regular expression.

    Well, he had 99 problems once and used regular expressions. In the end, he had 100 problems.

    http://xkcd.com/1171/

    Also, I find it interesting that Akismet catches the url in the QUOTE and think it's spam...

  • JimmyCrackedCorn (unregistered)

    It would have been nice to have the routine aggregate all the validation errors so that they could be presented at once (up to a certain limit).

  • Ian Eiloart (unregistered)

    But, hey, the specs were screwed up anyway. There's no point having great programming style if you're being told to write nonsense. Almost every character is valid on the left hand side of an email address, if quoted. And the plus symbol in particular is widely used.

  • QJo (unregistered)

    Aha! I know this - TRWTF is using Goto! Do I win a prize?

    Apart from that, all perfectly cromulent. Oh, apart from not leaving a neat space between the instances of the function names (Len, instr etc.) and their arguments.

    Look how much better 'If InStr (strEmail, "@") = 0 Then' looks.

  • QJo (unregistered)

    But seriously folks, TRWTF is:

    "Thank goodness he has his own coding experience to fall back upon."

    A suboptimal approach. Better would be to communicate with the coder in question and explain in detail the shortcomings of the design used. Then the coder learns to code and the subject of this piece learns to delegate. Doing it himself is a complete waste of the effort taken to give him PM experience.

  • csrster (unregistered)

    The real WTF is surely not using the Composite pattern to aggregate multiple validation rules in a single rule. Then each individual rule can be ruthlessly and independently unit-tested. Plus you're able instantiate these generalised validation rules using an Abstract Factory Pattern and an appropriate dependency-injection framework. Here, let me show you some UML ...

  • faoileag (unregistered) in reply to QJo
    QJo:
    But seriously folks, TRWTF is:

    "Thank goodness he has his own coding experience to fall back upon."

    A suboptimal approach. Better would be to communicate with the coder in question and explain in detail the shortcomings of the design used.

    In a way even the completely wrong apporach - if taken into consideration that it is not his job to code the validity check, but to supervise the offshore team.

  • faoileag (unregistered) in reply to csrster
    csrster:
    The real WTF is surely not using the Composite pattern to aggregate multiple validation rules in a single rule. Then each individual rule can be ruthlessly and independently unit-tested. Plus you're able instantiate these generalised validation rules using an Abstract Factory Pattern and an appropriate dependency-injection framework. Here, let me show you some UML ...
    I'm missing the XML in your design. Without XML in it, it's definitely not enterprisey enough!
  • Floobart (unregistered)

    I don't know about all the characters and weird combinations he checks for, but I do know that email addresses can contain + (plus) " (quotes) and ( ) (parentheses)

    CAPTCHA: immitto - post this immitto!

  • faoileag (unregistered)
    strReturn = "Email address cannot contain " & Chr(34)
    Don't tell me Visual Basic has no other means to include a quote in string?
  • wrojr (unregistered)

    TRWTF is that code being wildly used, since so many forms don't accept the + and so on...

  • Mattmon (unregistered)

    If InStr(strEmail, "frist") > 0 Then strReturn = "Email address cannot contain 'frist'" GoTo ExitHandler End If

  • Christian (unregistered)

    Hi,

    and this is my all time favourite ....

    If InStr(1, strEmail, "+") > 0 Then strReturn = "Email address cannot contain '+'" GoTo ExitHandler End If

    Why the hell shouldn't an email address contain a +. I use that all the time.

    Greetings Christian

  • JimmyCrackedCorn (unregistered)

    I know VB, but perhaps this would have been on the way to better:

    Module VBModule
      
        Sub Main()
                 Console.WriteLine(LibValidateEmail("test@test.com"))
            
        End Sub
      
    
    Module VBModule
     
        Sub Main()
            Console.WriteLine(LibValidateEmail("test@test.com") )
        End Sub
      
    
       Function LibValidateEmail(ByVal strEmail As String) As String
            '
            '   Validate email address - if valid returns "".
            '
            Dim strReturn As String = ""
    
            If Len(strEmail) < 7="" then="" strreturn="MoreErrors(strReturn,"Please" fill="" in="" full="" email="" address")="" end="" if="" if="" charactercount(stremail,="" "@")=""><> 1 Then
                 strReturn = MoreErrors(strReturn, "Address must contain only one '@' character")
            End If
            
            If Left(strEmail, 1) = "@" Then
                 strReturn = MoreErrors(strReturn,"Email address cannot start with '@'")
            End If
            If Right(strEmail, 1) = "@" Then
                 strReturn = MoreErrors(strReturn,"Email address cannot end with '@'")
            End If
            If InStr(strEmail, ".@") > 0 Then
                 strReturn = MoreErrors(strReturn,"Email address cannot contain '.@'")
            End If
            If InStr(strEmail, "@.") > 0 Then
                 strReturn = MoreErrors(strReturn,"Email address cannot contain '@.'")
            End If
    
            If InStr(strEmail, "..") > 0 Then
                strReturn = MoreErrors(strReturn,"Email address cannot contain '..'")
            End If
            If Left(strEmail, 1) = "." Then
                strReturn = MoreErrors(strReturn,"Email address cannot start with '.'")
            End If
            If Right(strEmail, 1) = "." Then
                strReturn = MoreErrors(strReturn,"Email address cannot end with '.'")
            End If
    
    
        	
    		
            If Not ValidateChars(strEmail) Then
                MoreErrors(strReturn,"Email address cannot contain invalid characters")
            End If
            
    		If Not ExcludeChars(strEmail) Then
                MoreErrors(strReturn,"Email address cannot contain invalid characters")
            End If
    
    
            If InStr(strEmail, Chr(34)) > 0 Then
                 strReturn = MoreErrors(strReturn,"Email address cannot contain " & Chr(34))
            End If
    
    
            If InStr(strEmail, Chr(127)) > 0 Then
                strReturn = MoreErrors(strReturn,"Email address cannot contain invalid characters")
            End If
    
        End Function
    	
    	' Eliminate low end of ASCI range
    	Function ValidateChars(ByVal value As String) As Boolean
          Dim errorFlag As Boolean = true
          For Each c As Char In value
            if Convert.toInt32(Convert.ToByte(c)) < 33="" errorflag="false" exit="" for="" end="" if="" next="" return="" errorflag="" end="" function="" '="" exclude="" specific="" characters="" function="" excludechars(byval="" value="" as="" string)="" as="" boolean="" dim="" okflag="" as="" boolean="true" dim="" excludedchars="" as="" string="!#$%&^*()+,/:;<=>?[\]`~{|}" for="" each="" c="" as="" char="" in="" value="" if="" instr(excludedchars,c)=""> 0 Then
                okFlag = false
                exit for
            end if
          Next
          Return okFlag
        End Function
    
    	' Simple count of a specific character
        Function CharacterCount(ByVal value As String, ByVal ch As Char) As Integer
          Dim cnt As Integer = 0
          For Each c As Char In value
            If c = ch Then cnt += 1
          Next
          Return cnt
        End Function
    	
    	' Concatinate a string
        Function MoreErrors(ByVal strError As String, ByVal strMore As String) As String
            return strError & vbCrLf & strMore
        End Function
    End Module
    
    
    ' Let the flamage begin!
    
  • faoileag (unregistered)

    Looking at the article I can not help but to think that the code might have the odd bug regarding false negatives (as others have noticed before), but without knowledge of the documents Andrew sent to the offshore team, it does not represent a wtf per se.

    Perhaps Andrew did not tell the offshore team that the string to test would come from a web form and would therefore be highly unlikely to contain bell characters etc?

    Perhaps the return value was specified as "empty string if valid, error msg when not"? Then the developer would have had all the freedom to make the error message as verbose and specific as he wanted.

    You get what you specify. Unclear specs and this is what you get. Clear specs that state "gimme precise error messages on all failures" and this is also what you get.

    Give your spec like "Function must test a string for validity as email address against relevant RFC, and return TRUE if valid, FALSE if not" and you can run sample email addresses against the delivered function and complain if the sample email addresses give false positives or negatives.

    But this being Andrew's first stab at being an offshore team lead, I wouldn't even count any bad specs on his side as a wtf. "Puppy license" applies to all new recruits. Ok, make that should apply ;-)

  • faoileag (unregistered) in reply to JimmyCrackedCorn
    JimmyCrackedCorn:
    perhaps this would have been on the way to better: (...endless lines of VB code excluded...)
    You haven't heard of http://pastebin.com/ , have you?
  • JimmyCrackedCorn (unregistered) in reply to faoileag
    faoileag:
    JimmyCrackedCorn:
    perhaps this would have been on the way to better: (...endless lines of VB code excluded...)
    You haven't heard of http://pastebin.com/ , have you?

    I thought some hadn't.

  • JimmyCrackedCorn (unregistered) in reply to JimmyCrackedCorn
    JimmyCrackedCorn:
    faoileag:
    JimmyCrackedCorn:
    perhaps this would have been on the way to better: (...endless lines of VB code excluded...)
    You haven't heard of http://pastebin.com/ , have you?

    I thought some hadn't.

    http://pastebin.com/TYX4Utax

  • Don (unregistered) in reply to Damien
    Damien:
    Meh. It has errors too:

    If Right(strEmail, 1) = "." Then strReturn = "Email address cannot end with '.'" GoTo ExitHandler

    An email address can actually end with a '.'. Its a fully qualified domain name..

    An FQDN cannot impose ambiguity, hence the name FULLY QUALIFIED in the definition. Ending or starting with a . creates ambiguity.

    I think you mean DNS RESOLVERS don't care about the dot...

  • pjt33 (cs) in reply to faoileag
    faoileag:
    Looking at the article I can not help but to think that the code might have the odd bug regarding false negatives (as others have noticed before), but without knowledge of the documents Andrew sent to the offshore team, it does not represent a wtf per se.
    Regardless of the spec, any code which could be compressed by 90% with a loop or two is a WTF unless it's explicitly commented that the loop was unrolled with a significant impact on performance.
  • Kuba (cs) in reply to Citron
    Citron:
    The real WTF is "alphanumeric characters only". With all these possible e-mail-addresses out there, the only useful thing to do for e-mail validation is to check, if the ser may have misstyped his e-mail-address, by checking for '@' and '.'. Use an opt-in to check if the user has access to the address.
    I fucking don't get why on Earth one just won't point to the applicable RFCs and be done with it. Do we really have to paraphrase internet standards all the time? Don't people have better things to do? Writing "specs" for what is a valid email address is like writing "specs" as to how a valid TCP/IP connection should look on the wire. It's like going full retard and being proud of it.
  • radarbob (unregistered) in reply to Warren
    Warren:
    OK, so they should have had a return type of boolean and used exceptions for the errors...

    Aaaarrrrggghhhhhh...

  • faoileag (unregistered) in reply to pjt33
    pjt33:
    faoileag:
    think that the code ... does not represent a wtf per se.
    Regardless of the spec, any code which could be compressed by 90% with a loop or two is a WTF unless it's explicitly commented that the loop was unrolled with a significant impact on performance.
    For a peer review, I would agree with you completely. However, this is code delivered by an offshore team. In an ideal world, you run your pre-written unit-tests against it and tell the offshore team which have failed if any fail. You do not look at the codebase itself, unless somewhere in your contract with the overseas company you have a clause that explicitly states that the code itself must also meet certain standards. Which is normally not the case. So who cares if they do the loop unrolling themselves? Let them. Perhaps they get paid by lines of code.
  • Hannes (unregistered) in reply to Don
    Don:
    Damien:
    Meh. It has errors too:

    If Right(strEmail, 1) = "." Then strReturn = "Email address cannot end with '.'" GoTo ExitHandler

    An email address can actually end with a '.'. Its a fully qualified domain name..

    An FQDN cannot impose ambiguity, hence the name FULLY QUALIFIED in the definition. Ending or starting with a . creates ambiguity.

    I think you mean DNS RESOLVERS don't care about the dot...

    DNS Resolvers DO care about the dot. If they wouldn't they couldn't resolve a URL like http://thedailywtf(dot)com(dot). But -surprise surprise- they do resolve it.

  • Mike (unregistered)

    This is why VB coders get a bad wrap. If your if statement doesn't get you all the way there just throw in another 100 or so for each possibility and you should be fine.

  • iaoth (unregistered) in reply to Mike

    bad rap*

  • faoileag (unregistered)

    bad rep.

  • anon (unregistered) in reply to faoileag

    It does it is just ugly as sin especially when it is at the end of a string It would be something like.

    strReturn = "Email address cannot contain """

  • Dave (unregistered) in reply to Kuba
    Kuba:
    I fucking don't get why on Earth one just won't point to the applicable RFCs and be done with it.

    Start by looking at the relevant RFC and showing us how you'd code for it. We could use a laugh.

  • English Man (cs) in reply to henke37
    henke37:
    But plussigns and ampserands are legal!
    plus-signs are a great way to see who has leaked your email to marketing/spam lists but sadly are only accepted by 25-50% of sites in my experience.
  • faoileag (unregistered) in reply to Dave
    Dave:
    Kuba:
    I fucking don't get why on Earth one just won't point to the applicable RFCs and be done with it.

    Start by looking at the relevant RFC and showing us how you'd code for it. We could use a laugh.

    Grzechooo already did that further up in
    Post 414825

  • Cant remember my damn login (unregistered) in reply to Warren

    no, no, no, no just NO!

    A user incorrectly entering an email address is not exceptional

  • Anonymoose (unregistered)

    Sites that don't accept plus signs make me sad and usually turn me away.

  • Abigo (unregistered) in reply to Grzechooo
    Grzechooo:
    Good that he didn't use a regular expression.

    I think I see it. It's a boat, right?

  • user+suffix@emaildomain (unregistered)

    Beyond the ludicrous use of if-then statements instead of a regex, here is another point:

    The "+" character IS valid in the username part of an email address.

    It would be nice if programmers doing email validation would actually READ the documentation regarding this.

    RFC 2822 would be a good place to start.

    www.ietf.org/rfc/rfc2822.txt

  • anonymous (unregistered) in reply to Tim B
    Tim B:
    An email address can actually end with a '.'
    Domain names can end with '.', but email addresses can't. See ttp://tools.ietf.org/html/rfc5321#section-4.1.2
    I tried typing that into my touch-tone phone, but the nice operator lady told me that it wasn't understood.
  • faoileag (unregistered) in reply to user+suffix@emaildomain
    user+suffix@emaildomain:
    It would be nice if programmers doing email validation would actually READ the documentation regarding this.

    RFC 2822 would be a good place to start.

    RFC 2822 is not exactly an easy read. Personally, I find en.wikipedia.org/wiki/Email_address#Local_part much more appealing.

  • jkupski (unregistered) in reply to Hannes
    Hannes:
    DNS Resolvers DO care about the dot. If they wouldn't they couldn't resolve a URL like http://thedailywtf(dot)com(dot). But -surprise surprise- they do resolve it.
    Actually, they do not, given that the above is a URL (as you yourself note) and not a domain name. The above is really a lot like misusing they're/their/there while being a grammar nazi.
  • da Doctah (cs)
    If InStr(strEmail, "..") > 0 Then strReturn = "Email address cannot contain '..'" GoTo ExitHandler
    Wait. Why the hell can't Email address contain '..'?

    Are you going to tell me that fred..smith@jones.com is invalid?

  • Koch (unregistered) in reply to Dave

    This ^

Leave a comment on “Email Hyper-Validation”

Log In or post as a guest

Replying to comment #:

« Return to Article