- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Why waste so much effort telling the user exactly what is wrong with their email address? Just use a generic "Please enter a valid email address" message. I mean, 99.9% of the time you are expecting users to enter valid data, right?
Admin
On the plus side, at least it didn't try to parse HTML.
Admin
Well, what do URLs mostly contain? Maybe Domain Names?
Also, a FQDN does indeed have a dot at the end: (dot)com(dot), so the DNS can resolve the root server responsible for "com".
Or, you could just try and read the wiki article about FQDN. ;)
Admin
He was given this project to gain PM experience. Thus, the right action is to not review the code, allow the dev to check it in, compile and if no errors, launch. Then report to your boss that this project was successfully completed on time, within budget and the clients are incredibly happy.
Next up- Project Management Lesson 2: The Perfect Project - How to Keep Client Complaints from Your Boss and Make Bug Reports Disappear
Project Management Lesson 3: Ethics Schmethics - It's only wrong if your caught and How to Say Sorry Like a Boss.
Admin
I don't agree on this. It's in the interest of the customer that the code meets the coding standards and not in the interest of the offshore company. The customer will have to pay the technical debt later. So you should take a look in the code to enforce the interests of your customer.
Furthermore I read in some studies that white box tests find more errors in the same time than black box tests.
Admin
All you should check for is "x@y"
This is the minimum spec for an email address.
Admin
The RWTF is they outsourced such a simple task...
Admin
TRWTF is that not only the dev team, but every comment in this thread chose the wrong meaning of "valid." A character string can pass RFC_whatevernumber but still not be valid because no such email address exists.
Thus, the validation code needs to go like this: (pseudo-pseudocode)
pingit := pine $address_to_be_validated if (pingit != NULL ) { # must have got some bounceback nastygram Table_reject($address_to_be_validated) }
Admin
Couple of things:
Quality of code: Today's lesson will be loops. This is a basic computer construct that everyone should know. Study it well, it will be used in a test later.
On validating email addresses: Email addresses can range from the simple to the very complex. There are many standards. Read them. For the most part if you want to have an address that will be globally useful, it most likely contains two things: It contains an '@', and it has at least one '.' after the '@'. Sure there are other constraints, but for the most part this is enough. Ask the person who typed it in to do it twice, and they will usually get it right (or it will be intentionally wrong). If you want to validate further, send a confirming email and await a response. If you get one, it is probably good to go. Anything else is getting close to a waste of time.
Admin
Or was that not a typo and you really meant pine the e-mail client?
Admin
The real WTF is writing code to validate an email address. Use existing libraries.
Admin
Yeah, people like Warren that abuse exceptions need to be thrown in a deep, dark dungeon somewhere.
Admin
"Kerbleckistan Considered Harmful"
Admin
Riiiiiiight. So are your unit tests going to catch that the thing runs like a bag of spanners?
Admin
Surely even an idiotic offshore developer in pakistan would know how to use Google to look up a regex for email validations?
One line of code PEOPLE.
Admin
Admin
Yes, yes I did. You can use elm if you prefer :-).
And daggonit, this is thedailywtf. Every post is assumed to have <sarcasm> and <satire> tagged
Admin
Admin
Looks quite solid and is way faster than a regular expression. no wtf ;)
Admin
Rejecting things like plus signs and two dots in a row comes from the philosophy of "I've never seen one like that, it's probably invalid", rather than actually checking the specs.
I have a personal email address that ends in dot-us. One website I went to rejected that. I tried changing it to dot-com -- of course not my correct email address then, but just to see -- and it accepted it. I guess they don't want a lot of grubby foreigners on their system, but you think they'd allow in Americans who use the us TLD.
I would think that for something like validating the user's email address, if for whatever reason you can't get exactly the right rules, you would want to err on the side of accepting too much rather than too little. The main point of a validation like that is to catch user brain freezes, like he accidentally types his phone number in the e-mail field. So just checking for "includes an @ and at least one period after the @" is probably a not-bad validation.
Admin
Hey, this brings to mind an actual serious thought: How tight should a validation be?
If you are validating an email address, you COULD keep a list of all the valid TLDs and validate against that. Then if a user trying to type in "com" accidentally typed "cim", you'd catch it. But I've never done that and I doubt I ever will, because it would require keeping that list up to date, which would mean constantly monitoring for the creation of new TLDs. That sounds like way too much trouble.
Of course on the flip side, some validations must be 100% tight. Like if I'm validating a user's password, I'm not going to say, "oh, okay, the last character was wrong, but that's probably just a typo, we'll let you in."
Admin
Exactly. I don't know how many times I've heard, "What?! You're going to write that function yourself?! That's crazy. Just search for something on the Internet, then you don't have to debug it yourself."
The assumption there, of course, is that anything downloaded from the Internet is guaranteed to not only be 100% correct but also to 100% meet my requirements. There's absolutely no reason to believe that's true, and plenty of reason to believe it's wildly false.
Admin
Admin
Pssht, anyone who knows what they're doing should have a gmail account with normal characters, and type it all lowercase. At least anyone we want associated with our site.
Addendum (2013-08-12 15:18): *
Muphry's Law
Admin
Not necessarily. You're assuming this email address field would be accepting all email addresses in the world.
It's quite possible that the field is on an internal screen, and that the format of email address is known ahead of time. It still might be sub-optimal to have custom validation considering the plethora of times validating email address has been solved, but it's reasonable that a company knows all of their emplyee email address are in the same format.
Similarly, validating extensions on phone numbers would be dumb, but not if the phone number is the number to my desk, and every employee accessing the program should have one.
Admin
Actually, by the email address RFC(s), it cannot, see
http://www.faqs.org/rfcs/rfc1123.html section 5.2.18
"Some systems over-qualify domain names by adding a trailing dot to some or all domain names in addresses or message-ids. This violates RFC-822 syntax."
Admin
Shall we count the ways this violates RFC 2822? (Could take a while.)
Let's just leave it at, "Very exhaustively wrong."
Admin
I wouldn't put my hands on fire for VB support of RegExp.
OTOH, I've met my share of "developers" that don't even know what RegExp is. Ask around, it might surprise you.
Admin
[a-zA-z]
What the FUCK is that?
Admin
Admin
Admin
Then again, a lot of developers I work with have been going at this for so long, technologies such as RegEx were just never introduced to them.
Admin
Meh, yet another email validator that doesn't accept "@ @"@example.com as valid (or the light version "@_@"@example.com ).
Admin
Muphry's Law
Admin
And it has absolutely nothing to do with email.
"myhomenetwork" is a valid domain.
"an_awesome_coder@myhomenetwork" is a valid email address.
Sending email to "an_awesome_coder@myhomenetwork" will succeed as long as the machine sending the email can resolve MX records for "myhomenetwork."
I will concede, though, that any email address used in the real world that's input by a user in some non-geeky and non-ops related software will have at least one dot following the @ character though.
Admin
You have to admit they didn't go nearly far enough with that method, though. Consider:
if strEmail == "!@!.!" Or strEmail == "!@!.#" Or strEmail == "a@!.$" Or
... a modest amount of code left out strEmail == "zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz@zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz.zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz.zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz" Then return True
Admin
^ This
It is always much easier to make a whitelist of what you support than trying to blacklist all possible unsupported cases. This is the way it should be done
Captcha aptent: I would not aptent it any other way
Admin
That's all characters between A and z meaning:
Or put another way: all characters between ASCII 65 and ASCII 122.
Admin
To be even more pedantic, even "URLs mostly contain domains names" is also not necessarily an accurate statement. It contains protocol information (http), a separator (://), host information (www.example.com), an optional port number (:80), and the full path to a resource on that host (/fake/path/example.htm).
Hell, the URL to reply to your comment, http://thedailywtf.com/Comments/AddComment.aspx?ArticleId=7636&ReplyTo=414871&Quote=Y, is a great example of your inaccuracy. My DNS resolver can't make heads nor tails of it. :)
Admin
Admin
Hey everyone, I'm having a problem related to this story. I'm trying to make a list of email addresses that I can validate entries against, but typing it all out is really slow. Can some people help me out?
Here is what I have so far:
Admin
Admin
Its better than the boring old regex approach brings spice to your life
Admin
Admin
Especially since that regex implements RFC 822, which is incredibly obsolete...having been superseded by RFC 2822 and then by RFC 5322.
Admin
The + is often used so you can filter SPAM.
Why do people want your email address? Why do you think they don't want the '+' there?
HINT: People who want your email address probably don't care much about the standards. They want to know they can send you email you will READ (or at least be forced to notice). That is, until the sender is blocked, or your Bayesian SPAM filter sees it for what it is.
People always assume that "nobody knows that + is valid in email addresses" - I think it's more that "nobody CARES that + is valid in email addresses"
Admin
insert rant about how data validation is over used....
It's easy to spot a bodgey address if it's: No Way You gunna get my emial MF
than if it's: [email protected]
One of the questions that needs to be considered is "Why do they need an email address?". Normally it's so they can send you stuff (in which case send something with a link and see if it works). Sometimes it's under the pretext of verifying your identity (or at least somehow holding you to account for how you use their site - and again, if you NEED the address, verify it via an emailed link). Sometimes it's because they want to send you SPAM (actually in all cases this could be the case - and again SEND A LINK).
The only time when you don't need to send a link to verify, is in cases where you don't intend to use the email. But if you don't intend using it, why ask for it?
Of course everyone does, simply because they like having your information, but the only certain way to see that the address exists (even if for only a fleeting moment) is to have an email send there and somehow verified.
Who gives a shit about the actual format? This is a classic case of programmers overthinking the problem and reengineering the wheel.
There's a difference between a valid email address and a real email address. Many people ask for valid when they mean real - at the end of the day, a valid email address that doesn't exist is about as useful as an invalid one. And if you demand a valid one, I'll either use my enemies one (and hope you don't verify it) or make up some stupid one that doesn't exist anyway....
Admin
It does, but Chr(34) is more readable than """".
Admin
Admin
Akismet says I should sell you stolen credit cards instead.