- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Making the frist post is also an agreed upon standard.
Admin
But plussigns and ampserands are legal!
Admin
The real WTF is "alphanumeric characters only". With all these possible e-mail-addresses out there, the only useful thing to do for e-mail validation is to check, if the ser may have misstyped his e-mail-address, by checking for '@' and '.'. Use an opt-in to check if the user has access to the address.
Admin
Meh. It has errors too:
If Right(strEmail, 1) = "." Then strReturn = "Email address cannot end with '.'" GoTo ExitHandler
An email address can actually end with a '.'. Its a fully qualified domain name..
Admin
Right or wrong, this is what they agreed to do to the presidents sick daughter. And let me assure you: It was no laughing matter!
Admin
OK, so they should have had a return type of boolean and used exceptions for the errors....
Admin
It states "In following with agreed upon standards" - it is nowhere said that they are following RFC standards.
Admin
Good that he didn't use a regular expression.
Admin
isn't TRWTF that Andrew didn't specify that the RFC standard should be followed
though I'm afraid of the code that would come out of that specification
Admin
Admin
Well, he had 99 problems once and used regular expressions. In the end, he had 100 problems.
http://xkcd.com/1171/
Also, I find it interesting that Akismet catches the url in the QUOTE and think it's spam...
Admin
It would have been nice to have the routine aggregate all the validation errors so that they could be presented at once (up to a certain limit).
Admin
But, hey, the specs were screwed up anyway. There's no point having great programming style if you're being told to write nonsense. Almost every character is valid on the left hand side of an email address, if quoted. And the plus symbol in particular is widely used.
Admin
Aha! I know this - TRWTF is using Goto! Do I win a prize?
Apart from that, all perfectly cromulent. Oh, apart from not leaving a neat space between the instances of the function names (Len, instr etc.) and their arguments.
Look how much better 'If InStr (strEmail, "@") = 0 Then' looks.
Admin
But seriously folks, TRWTF is:
"Thank goodness he has his own coding experience to fall back upon."
A suboptimal approach. Better would be to communicate with the coder in question and explain in detail the shortcomings of the design used. Then the coder learns to code and the subject of this piece learns to delegate. Doing it himself is a complete waste of the effort taken to give him PM experience.
Admin
The real WTF is surely not using the Composite pattern to aggregate multiple validation rules in a single rule. Then each individual rule can be ruthlessly and independently unit-tested. Plus you're able instantiate these generalised validation rules using an Abstract Factory Pattern and an appropriate dependency-injection framework. Here, let me show you some UML ...
Admin
Admin
Admin
I don't know about all the characters and weird combinations he checks for, but I do know that email addresses can contain + (plus) " (quotes) and ( ) (parentheses)
CAPTCHA: immitto - post this immitto!
Admin
Admin
TRWTF is that code being wildly used, since so many forms don't accept the + and so on...
Admin
If InStr(strEmail, "frist") > 0 Then strReturn = "Email address cannot contain 'frist'" GoTo ExitHandler End If
Admin
Hi,
and this is my all time favourite ....
Why the hell shouldn't an email address contain a +. I use that all the time.
Greetings Christian
Admin
I know VB, but perhaps this would have been on the way to better:
Module VBModule Sub Main() Console.WriteLine(LibValidateEmail("[email protected]")) End Sub Module VBModule Sub Main() Console.WriteLine(LibValidateEmail("[email protected]") ) End Sub Function LibValidateEmail(ByVal strEmail As String) As String ' ' Validate email address - if valid returns "". ' Dim strReturn As String = "" If Len(strEmail) < 7 Then strReturn = MoreErrors(strReturn,"Please fill in full email address") End If If CharacterCount(strEmail, "@") <> 1 Then strReturn = MoreErrors(strReturn, "Address must contain only one '@' character") End If If Left(strEmail, 1) = "@" Then strReturn = MoreErrors(strReturn,"Email address cannot start with '@'") End If If Right(strEmail, 1) = "@" Then strReturn = MoreErrors(strReturn,"Email address cannot end with '@'") End If If InStr(strEmail, ".@") > 0 Then strReturn = MoreErrors(strReturn,"Email address cannot contain '.@'") End If If InStr(strEmail, "@.") > 0 Then strReturn = MoreErrors(strReturn,"Email address cannot contain '@.'") End If If InStr(strEmail, "..") > 0 Then strReturn = MoreErrors(strReturn,"Email address cannot contain '..'") End If If Left(strEmail, 1) = "." Then strReturn = MoreErrors(strReturn,"Email address cannot start with '.'") End If If Right(strEmail, 1) = "." Then strReturn = MoreErrors(strReturn,"Email address cannot end with '.'") End If If Not ValidateChars(strEmail) Then MoreErrors(strReturn,"Email address cannot contain invalid characters") End If If Not ExcludeChars(strEmail) Then MoreErrors(strReturn,"Email address cannot contain invalid characters") End If If InStr(strEmail, Chr(34)) > 0 Then strReturn = MoreErrors(strReturn,"Email address cannot contain " & Chr(34)) End If If InStr(strEmail, Chr(127)) > 0 Then strReturn = MoreErrors(strReturn,"Email address cannot contain invalid characters") End If End Function ' Eliminate low end of ASCI range Function ValidateChars(ByVal value As String) As Boolean Dim errorFlag As Boolean = true For Each c As Char In value if Convert.toInt32(Convert.ToByte(c)) < 33 errorFlag = false exit for end if Next Return errorFlag End Function ' Exclude specific characters Function ExcludeChars(ByVal value As String) As Boolean Dim okFlag As Boolean = true Dim excludedChars As String = "!#$%&^*()+,/:;<=>?[\]`~{|}" For Each c As Char In value If InStr(excludedChars,c) > 0 Then okFlag = false exit for end if Next Return okFlag End Function ' Simple count of a specific character Function CharacterCount(ByVal value As String, ByVal ch As Char) As Integer Dim cnt As Integer = 0 For Each c As Char In value If c = ch Then cnt += 1 Next Return cnt End Function ' Concatinate a string Function MoreErrors(ByVal strError As String, ByVal strMore As String) As String return strError & vbCrLf & strMore End Function End Module ' Let the flamage begin!Admin
Looking at the article I can not help but to think that the code might have the odd bug regarding false negatives (as others have noticed before), but without knowledge of the documents Andrew sent to the offshore team, it does not represent a wtf per se.
Perhaps Andrew did not tell the offshore team that the string to test would come from a web form and would therefore be highly unlikely to contain bell characters etc?
Perhaps the return value was specified as "empty string if valid, error msg when not"? Then the developer would have had all the freedom to make the error message as verbose and specific as he wanted.
You get what you specify. Unclear specs and this is what you get. Clear specs that state "gimme precise error messages on all failures" and this is also what you get.
Give your spec like "Function must test a string for validity as email address against relevant RFC, and return TRUE if valid, FALSE if not" and you can run sample email addresses against the delivered function and complain if the sample email addresses give false positives or negatives.
But this being Andrew's first stab at being an offshore team lead, I wouldn't even count any bad specs on his side as a wtf. "Puppy license" applies to all new recruits. Ok, make that should apply ;-)
Admin
Admin
I thought some hadn't.
Admin
http://pastebin.com/TYX4Utax
Admin
I think you mean DNS RESOLVERS don't care about the dot...
Admin
Admin
Admin
Aaaarrrrggghhhhhh...
Admin
Admin
DNS Resolvers DO care about the dot. If they wouldn't they couldn't resolve a URL like http://thedailywtf(dot)com(dot). But -surprise surprise- they do resolve it.
Admin
This is why VB coders get a bad wrap. If your if statement doesn't get you all the way there just throw in another 100 or so for each possibility and you should be fine.
Admin
bad rap*
Admin
bad rep.
Admin
It does it is just ugly as sin especially when it is at the end of a string It would be something like.
strReturn = "Email address cannot contain """
Admin
Start by looking at the relevant RFC and showing us how you'd code for it. We could use a laugh.
Admin
Admin
Admin
no, no, no, no just NO!
A user incorrectly entering an email address is not exceptional
Admin
Sites that don't accept plus signs make me sad and usually turn me away.
Admin
I think I see it. It's a boat, right?
Admin
Beyond the ludicrous use of if-then statements instead of a regex, here is another point:
The "+" character IS valid in the username part of an email address.
It would be nice if programmers doing email validation would actually READ the documentation regarding this.
RFC 2822 would be a good place to start.
www.ietf.org/rfc/rfc2822.txt
Admin
Admin
Admin
Admin
Are you going to tell me that [email protected] is invalid?
Admin
This ^