• idisjunction (cs)

    Making the frist post is also an agreed upon standard.

  • henke37 (cs)

    But plussigns and ampserands are legal!

  • Citron (unregistered)
    Comment held for moderation.
  • Damien (unregistered)

    Meh. It has errors too:

    If Right(strEmail, 1) = "." Then strReturn = "Email address cannot end with '.'" GoTo ExitHandler

    An email address can actually end with a '.'. Its a fully qualified domain name..

  • Hannes (unregistered) in reply to idisjunction

    Right or wrong, this is what they agreed to do to the presidents sick daughter. And let me assure you: It was no laughing matter!

  • Warren (unregistered)

    OK, so they should have had a return type of boolean and used exceptions for the errors....

  • u (unregistered) in reply to Citron
    Comment held for moderation.
  • Grzechooo (unregistered)
    Comment held for moderation.
  • ratchet freak (unregistered) in reply to u
    Comment held for moderation.
  • Tim B (unregistered) in reply to Damien
    An email address can actually end with a '.'
    Domain names can end with '.', but email addresses can't. See ttp://tools.ietf.org/html/rfc5321#section-4.1.2
  • Hannes (unregistered) in reply to Grzechooo
    Comment held for moderation.
  • JimmyCrackedCorn (unregistered)

    It would have been nice to have the routine aggregate all the validation errors so that they could be presented at once (up to a certain limit).

  • Ian Eiloart (unregistered)

    But, hey, the specs were screwed up anyway. There's no point having great programming style if you're being told to write nonsense. Almost every character is valid on the left hand side of an email address, if quoted. And the plus symbol in particular is widely used.

  • QJo (unregistered)
    Comment held for moderation.
  • QJo (unregistered)

    But seriously folks, TRWTF is:

    "Thank goodness he has his own coding experience to fall back upon."

    A suboptimal approach. Better would be to communicate with the coder in question and explain in detail the shortcomings of the design used. Then the coder learns to code and the subject of this piece learns to delegate. Doing it himself is a complete waste of the effort taken to give him PM experience.

  • csrster (unregistered)

    The real WTF is surely not using the Composite pattern to aggregate multiple validation rules in a single rule. Then each individual rule can be ruthlessly and independently unit-tested. Plus you're able instantiate these generalised validation rules using an Abstract Factory Pattern and an appropriate dependency-injection framework. Here, let me show you some UML ...

  • faoileag (unregistered) in reply to QJo
    QJo:
    But seriously folks, TRWTF is:

    "Thank goodness he has his own coding experience to fall back upon."

    A suboptimal approach. Better would be to communicate with the coder in question and explain in detail the shortcomings of the design used.

    In a way even the completely wrong apporach - if taken into consideration that it is not his job to code the validity check, but to supervise the offshore team.

  • faoileag (unregistered) in reply to csrster
    csrster:
    The real WTF is surely not using the Composite pattern to aggregate multiple validation rules in a single rule. Then each individual rule can be ruthlessly and independently unit-tested. Plus you're able instantiate these generalised validation rules using an Abstract Factory Pattern and an appropriate dependency-injection framework. Here, let me show you some UML ...
    I'm missing the XML in your design. Without XML in it, it's definitely not enterprisey enough!
  • Floobart (unregistered)

    I don't know about all the characters and weird combinations he checks for, but I do know that email addresses can contain + (plus) " (quotes) and ( ) (parentheses)

    CAPTCHA: immitto - post this immitto!

  • faoileag (unregistered)
    strReturn = "Email address cannot contain " & Chr(34)
    Don't tell me Visual Basic has no other means to include a quote in string?
  • wrojr (unregistered)

    TRWTF is that code being wildly used, since so many forms don't accept the + and so on...

  • Mattmon (unregistered)

    If InStr(strEmail, "frist") > 0 Then strReturn = "Email address cannot contain 'frist'" GoTo ExitHandler End If

  • Christian (unregistered)

    Hi,

    and this is my all time favourite ....

    If InStr(1, strEmail, "+") > 0 Then strReturn = "Email address cannot contain '+'" GoTo ExitHandler End If

    Why the hell shouldn't an email address contain a +. I use that all the time.

    Greetings Christian

  • JimmyCrackedCorn (unregistered)
    Comment held for moderation.
  • faoileag (unregistered)

    Looking at the article I can not help but to think that the code might have the odd bug regarding false negatives (as others have noticed before), but without knowledge of the documents Andrew sent to the offshore team, it does not represent a wtf per se.

    Perhaps Andrew did not tell the offshore team that the string to test would come from a web form and would therefore be highly unlikely to contain bell characters etc?

    Perhaps the return value was specified as "empty string if valid, error msg when not"? Then the developer would have had all the freedom to make the error message as verbose and specific as he wanted.

    You get what you specify. Unclear specs and this is what you get. Clear specs that state "gimme precise error messages on all failures" and this is also what you get.

    Give your spec like "Function must test a string for validity as email address against relevant RFC, and return TRUE if valid, FALSE if not" and you can run sample email addresses against the delivered function and complain if the sample email addresses give false positives or negatives.

    But this being Andrew's first stab at being an offshore team lead, I wouldn't even count any bad specs on his side as a wtf. "Puppy license" applies to all new recruits. Ok, make that should apply ;-)

  • faoileag (unregistered) in reply to JimmyCrackedCorn
    Comment held for moderation.
  • JimmyCrackedCorn (unregistered) in reply to faoileag
    Comment held for moderation.
  • JimmyCrackedCorn (unregistered) in reply to JimmyCrackedCorn
    Comment held for moderation.
  • Don (unregistered) in reply to Damien
    Damien:
    Meh. It has errors too:

    If Right(strEmail, 1) = "." Then strReturn = "Email address cannot end with '.'" GoTo ExitHandler

    An email address can actually end with a '.'. Its a fully qualified domain name..

    An FQDN cannot impose ambiguity, hence the name FULLY QUALIFIED in the definition. Ending or starting with a . creates ambiguity.

    I think you mean DNS RESOLVERS don't care about the dot...

  • pjt33 (cs) in reply to faoileag
    faoileag:
    Looking at the article I can not help but to think that the code might have the odd bug regarding false negatives (as others have noticed before), but without knowledge of the documents Andrew sent to the offshore team, it does not represent a wtf per se.
    Regardless of the spec, any code which could be compressed by 90% with a loop or two is a WTF unless it's explicitly commented that the loop was unrolled with a significant impact on performance.
  • Kuba (cs) in reply to Citron
    Citron:
    The real WTF is "alphanumeric characters only". With all these possible e-mail-addresses out there, the only useful thing to do for e-mail validation is to check, if the ser may have misstyped his e-mail-address, by checking for '@' and '.'. Use an opt-in to check if the user has access to the address.
    I fucking don't get why on Earth one just won't point to the applicable RFCs and be done with it. Do we really have to paraphrase internet standards all the time? Don't people have better things to do? Writing "specs" for what is a valid email address is like writing "specs" as to how a valid TCP/IP connection should look on the wire. It's like going full retard and being proud of it.
  • radarbob (unregistered) in reply to Warren
    Warren:
    OK, so they should have had a return type of boolean and used exceptions for the errors...

    Aaaarrrrggghhhhhh...

  • faoileag (unregistered) in reply to pjt33
    pjt33:
    faoileag:
    think that the code ... does not represent a wtf per se.
    Regardless of the spec, any code which could be compressed by 90% with a loop or two is a WTF unless it's explicitly commented that the loop was unrolled with a significant impact on performance.
    For a peer review, I would agree with you completely. However, this is code delivered by an offshore team. In an ideal world, you run your pre-written unit-tests against it and tell the offshore team which have failed if any fail. You do not look at the codebase itself, unless somewhere in your contract with the overseas company you have a clause that explicitly states that the code itself must also meet certain standards. Which is normally not the case. So who cares if they do the loop unrolling themselves? Let them. Perhaps they get paid by lines of code.
  • Hannes (unregistered) in reply to Don
    Comment held for moderation.
  • Mike (unregistered)

    This is why VB coders get a bad wrap. If your if statement doesn't get you all the way there just throw in another 100 or so for each possibility and you should be fine.

  • iaoth (unregistered) in reply to Mike

    bad rap*

  • faoileag (unregistered)

    bad rep.

  • anon (unregistered) in reply to faoileag

    It does it is just ugly as sin especially when it is at the end of a string It would be something like.

    strReturn = "Email address cannot contain """

  • Dave (unregistered) in reply to Kuba
    Kuba:
    I fucking don't get why on Earth one just won't point to the applicable RFCs and be done with it.

    Start by looking at the relevant RFC and showing us how you'd code for it. We could use a laugh.

  • English Man (cs) in reply to henke37
    henke37:
    But plussigns and ampserands are legal!
    plus-signs are a great way to see who has leaked your email to marketing/spam lists but sadly are only accepted by 25-50% of sites in my experience.
  • faoileag (unregistered) in reply to Dave
    Comment held for moderation.
  • Cant remember my damn login (unregistered) in reply to Warren

    no, no, no, no just NO!

    A user incorrectly entering an email address is not exceptional

  • Anonymoose (unregistered)

    Sites that don't accept plus signs make me sad and usually turn me away.

  • Abigo (unregistered) in reply to Grzechooo
    Comment held for moderation.
  • user+suffix@emaildomain (unregistered)

    Beyond the ludicrous use of if-then statements instead of a regex, here is another point:

    The "+" character IS valid in the username part of an email address.

    It would be nice if programmers doing email validation would actually READ the documentation regarding this.

    RFC 2822 would be a good place to start.

    www.ietf.org/rfc/rfc2822.txt

  • anonymous (unregistered) in reply to Tim B
    Tim B:
    An email address can actually end with a '.'
    Domain names can end with '.', but email addresses can't. See ttp://tools.ietf.org/html/rfc5321#section-4.1.2
    I tried typing that into my touch-tone phone, but the nice operator lady told me that it wasn't understood.
  • faoileag (unregistered) in reply to user+suffix@emaildomain
    Comment held for moderation.
  • jkupski (unregistered) in reply to Hannes
    Comment held for moderation.
  • da Doctah (cs)
    If InStr(strEmail, "..") > 0 Then strReturn = "Email address cannot contain '..'" GoTo ExitHandler
    Wait. Why the hell can't Email address contain '..'?

    Are you going to tell me that fred..smith@jones.com is invalid?

  • Koch (unregistered) in reply to Dave

    This ^

Leave a comment on “Email Hyper-Validation”

Log In or post as a guest

Replying to comment #:

« Return to Article