- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
There's something with the VB language that attracts WTF coders to it (remember the "Way to go, O.O!" WTF?), however the one that might take the crown for this would be MUMPS.
Admin
I thought that was the point of a database, to validate data and give simple answers to help guide the users of the system?
Admin
Admin
I can honestly that every programming language has its place in this world, including VB and its ugly stepsister VB.NET. But who, for the love of $deity, would add the keyword "IsNot"? Seriously?
Admin
The WTF seems to be entirely in the ignorance of the submitter. We don't see any validation code in this example. For all we know, the application had both client- and server-side validation of the phone number.
What we do know for sure is:
(2) is a perfectly valid design choice, even advantageous if, say, multiple applications on different platforms must write to a single DB.
Admin
You, sir, are my hero. I couldn't get the banana to fit through the ATM slot, and when I tried depositing the bleach, it wouldn't credit my account.
Admin
which is ugly as sin and makes you worry about the precedence. But adding explicit precedence just makes it uglier:
You don't write
do you? No, you write
Same thing:
Alright, so maybe it's not the greatest keyword addition ever, but it does make the resulting code more readable and easier to type.
P.S. For those of you who can't stand the suspense:
End If End If End If End If End IfAdmin
Or the equivalant C# syntax:
if(Count != 0) if(User != Nothing)
!= is IsNot, basically meaning "is not equal to"
Admin
If you ever met my old lecturer, you'd get a slap for saying data is synonymous with information
Admin
bah more vb | vb.net bashing...useless; I would code all day on papyrus with eagles blood if that is what the shop had as a standard.
Admin
how would you compile that?
Admin
On the top of a step pyramid during the summer solstice. Jeesh, you would think these new guys don't learn about legacy application development.
Admin
I'm a user and I've mistyped my name. Please beat me!
Admin
Admin
I like AndAlso and also OrElse. Unlike && and ||, they make explicit the fact that their predicates are treated asymmetrically.
Admin
Why, is he retarded or something? If he slapped me, I'd slap him back with the American Heritage Dictionary(data - 1. Factual information) then I'd shove a Webster's (data - 1 : factual information) down his throat. Is there a minute, pedantic difference between the two? Sure. But they are, for just about all intents and purposes, synonymous.
Admin
It's not that I don't like VB. I just like it better when it's not around.
Admin
For those of you who see nothing wrong with this, in the Real World™ you have something called performance and database utilization.....
Sure, for database applications that have multiple inputs doing some light validation in the DB is fine. I wouldn't push it though, 10 digits in a phone number is fine. KISS and less is more.
The app should first validate on the client. Yes, javascript. Do there, give feedback quick. Then validate (yes, again) on the app server. This is for your users that turn JS off, or are attempting to mess with your sysytem. Then finally, when JS and your app code say the data is good, feed it to the DB. Vastly better user experience, way less processing required on both the application server and the DB server.
You think your DB server can handle it? Sure, try 100000 or million users then get back to me....
Admin
Admin
When you read the whole quote, Information = a body of facts(data).
Admin
The real WTF is the use of VB in something other then a high school classroom.
Admin
Haha, VB.NET... Let me tell you something. There is no such thing as VB.NET. It's really C#, only with different words, to make it look like it's VB. There.
By the way, I don't understand why people hate AndAlso and OrElse that much. Why? it's just one choice of keywords. Would you rather this functionality wasn't there?
Admin
I was about to write more or less the same. You beat me... I don't really think it's a WTF, but having input data do a roundtrip to the DB before you can tell the user he/she is not supposed to type his/her SSN instead of a phone number, well, that's not what I would call "resource usage optimization".
BTW, the best approach here is
Admin
The correct C# syntax is
if(User != null)
In VB.Net IsNot is used for object comparison. Usually you are checking to be sure the object has a reference before you do something with it, which is why you usually see Object IsNot Nothing.
Admin
Would you like to try again?
Admin
BOBBY TABLES
Sorry, I have Tourettes.
Admin
Admin
You use MySQL, right?
Admin
It's not that we hate them so much as it is we hate that they are made necessary by the fact that the AND and OR operators don't act like we think they should.
Namely, in the statement "IF boolA AND boolB", boolB should never be evaluated if boolA is false
Admin
IIRC, when VB.Net first came out, And and Or were short circuited but it caused compatibility problems because some programmers liked to write code like this:
If Function1 Or Function2 Then End If
And they expected both function calls to occur. Obviously, if Function1 returned True, then Function2 was never executed.
Again, IIRC, when VB.Net first came out, they had BitAnd and BitOr for bitwise purposes but again, the VB's complained because it broke compatibility so they changed it.
Admin
Think about it for a second before you knock it. MS wanted to finally give the VB developers shortcut boolean evaluation (good for them), but maintain backwards compatibility with existing code so you didn't have to go through every frickin AND/OR statement and confirm that it won't break if evaluated with the new behavior. They have had enough trouble getting VB6 developers to move to a new platform, creating a million hard to diagnose logic bugs into working code after converting to VB.NET wouldn't have helped matters much and would have led to some extremely bad press.
Admin
Admin
So you're suggesting generating SQL Error Messages from values held in a table, accessed with SQL?
Admin
Sorry, above post was in reference to:
Tired.
Admin
So by your own admission && and || are hell spawns. Additionally, bitwise operations are equally viable and important in any language, regardless of the syntax.
Admin
Ensure all your data are belong to us before writing to the database
Ensure all your data are belong to us while writing to the database
Ensure all your data are belong to us after writing to the database
Ensure all your codez aer send 2 us
CAPTCHA: cogo, hipps!
Admin
You equip he eagle's beak with a needle and, gently squeezing the eagle's throat, peek it directly on the disk.
Admin
For those of you that hate VB, here is the same thing in C#. Not that it makes a difference, except sociologically, but some people get hung up over trivialities.
protected void StudentPhoneNumberRecordDataSource_HandleErrors( object sender, System.Web.UI.WebControls.SqlDataSourceStatusEventArgs e, string CommandDescription) { SqlException sqlException = e.Exception as SqlException; if(sqlException != null) { object txtPhone = e.Command.Parameters["@txtPhone"].Value; StringBuilder = new StringBuilder(); bool haveSqlErrorNumber = sqlException.Errors.Count >= 1; int firstSqlErrorNumber; if(haveSqlErrorNumber) firstSqlErrorNumber = sqlException.Errors[0].Number; if(haveSqlErrorNumber && firstSqlErrorNumber == 2627) { sb.Append(CommandDescription); sb.Append(" failed. You cannot have two phone numbers with the same type \""); sb.Append(e.Command.Parameters["@IDPhoneType"].Value); sb.Append("\" Sorry."); } else if(haveSqlErrorNumber && firstSqlErrorNumber == 8152) { sb.Append(CommandDescription); sb.Append(" failed. The entered phone number is probably too long."); } else if(haveSqlErrorNumber && firstSqlErrorNumber == 515) { sb.Append("You must enter a phone number for "); sb.Append(CommandDescription); sb.Append("."); } else { sb.Append("Unknown SQL Exception "); sb.Append(sqlException.ErrorCode); sb.Append(": "); sb.Append(sqlException.Message); } InsertionErrorPanel.Visible = true; InsertionErrorLabel.Text = sb.ToString(); e.ExceptionHandled = true; } }Personally, the most glaring things about it are the repeated tests for haveSqlErrorNumber and the gratuitously explicit use of a StringBuilder instead of String.Format() or just concatenation.
From what I can see, all this is already being done. Or maybe not. I can't see as much as you. But it's already necessary to do a round trip to the database to verify that the record doesn't already exist (what do you mean I can't have two cellphones?). So there's nothing weird about attempting to insert the record and responding to a collision. The alternative is like "Do you know what time it is?" "Yes."Admin
You equip he eagle's beak with a needle and, gently squeezing the eagle's throat, poke it directly on the disk.
Admin
In soviet russia, SQL injects YOU!
Admin
Admin
TRWTF is that nobody commenting here seems to have thought about how many layers of the application are involved here, and how this is going to affect the performance and throughput of the application.
Putting all validation on the backend means that every tier of the application is involved in something which could be caught before the user ever presses "submit"!
In typical workloads, the database is the most heavily loaded layer. Especially if this is a high-transaction environment you have to consider the extra overhead of the transaction rollback required when the DB rejects invalid data.
A better approach, both in terms of performance, throughput, scalability and user experience, would be to take the defensive programming approach, and handle validation and filtering at multiple levels:
Client-sid: Either JavaScript attached to onchange or onsubmit events in the case of a web application, or VB/C#/etc for desktop applications. This allows immediate feedback to the user with very little latency or interruption of their workflow.
Application-tier: Since client-side validation cannot be trusted to have been executed, the application should validate all information coming into it. This is good practice not just for information going to the database, but for ANY parameters being passed in from the user. Not having a consistent parameter validation framework in the application could allow for any number of different bugs or security weaknesses. Validating ALL input data in a consistent manner is a best practice for any application.
Data-tier: This should be the final gatekeeper only, acting as a check that the application itself doesn't have any errors in its logic which would subvert the data model.
In short, none of the tiers should trust the tier above them, and none of the tiers should pass unverified data to the one below them. That doesn't mean that each tier has to have exactly the same validations as the next. In an application I worked on recently, the client layer validated email addresses by a regex; the application layer validated them by regex and domain verification; and the database validated only the allowed characters. It all depends on the needs of the particular tier and the purpose to which the data is being put.
Working with multiple validations may be more complex than lumping it all together in a single location, but a proper specification of all data items, and cross-group code reviews to ensure consistent operation will take a lot of the pain out of it. The benefit of cleanly separating each tier and validating at each point will show itself in responsiveness to the user, reducing unnecessary cross-tier communication, reducing resource usage, and limiting security concerns.
Admin
FAIL!
Admin
Admin
Admin
Admin
This is such a stupid and uninformed WTF that I think I will just stop reading the DailyWTF until someone tells Jake Vinson to fuck off.
Admin
Also, many websites that try to validate my email address seem to think that a '+' sign is not allowed, which is incorrect and very very annoying. The '+' is in fact allowed (and so are many other characters; see sections 3.2.3, 3.2.4 and 3.4) and many mail systems have the convention that if you place a '+' and some tag after your mailbox name, you get the tag passed through so that you can use it for example to create a sort of sub-mailboxes.
"{}=Hello_:-)"@example.com is (thanks to the quotes) a perfectly valid email address, if I read the syntax right.
Admin
Is it complemented by a IsToo! keyword?
Admin
Did you mean Chloroform?