- Feature Articles
- CodeSOD
- Error'd
- Forums
-
Other Articles
- Random Article
- Other Series
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
meh...funny?
Admin
I must say, that Null is a pretty software-crashing name :)
Admin
Obviously the chances of someone being named "Null" is not that bad. However, the fact that it took empty search fields to be a string value of "Null" is the WTF. It should've came back with something like "Please provide one or more search values"
Admin
this smells like SQL-Injection? Inviting desaster to lunch...
Admin
Or how about N.A. Jones?
Or maybe <null> , the asshole who legally changed his name to have the angle brackets. It's unpronouncable.
Admin
I wouldn't be surprised to learn that no matter what criteria you enter, you will never be able to locate Dr. Stephen Null, Dr. Tomas Null, or Dr. William Null.
-Harrow.
Admin
If (lastName IS NULL OR lastName = 'NULL') THEN
I can't think of what else it could be.
Admin
How many of us tried to see if we could get on the site to check this though?
I know I did (can't be bothered trying to find out how to register though, and havent got time to try and get in by force/stealth)
Captcha:- pigeons
Admin
The real wtf is that when hiding information in screen captures, don't use blur or mosaic. Use a solid color!
I guess I should read the article now. meh.
Admin
i like the login screen on their site - the helpful message is a haiku:
Express Login A Fast Loading Page That Can Be Bookmarked For Your Convenience
Admin
Let me see if I get it: The WTF is that a search with no criteria searched for the STRING "Null" instead of either A) having an error message saying you need to enter criteria or B) Using the actual SQL value NULL. Right?
Seems like a kinda tame WTF to me.
Admin
Is that phone number 1-858-480-1067 ??
What are the results of the blood test? true, false, maybe, file not found?
captcha: smile - anagram for imels
Admin
Well, that could simply be the "lastName" variable referenced in a query without checking wether it is Null or not. Some OO-languages will always reply "null" when you ask for a null pointer to be casted as a String. Indeed it would be great if it showed somthin' quite like a NullPointerException or such.
In fact, not checking before casting might either crash the application or give weird results like this. Interesting, through !
Admin
It'd be great name. Dr. Dev Null, I presume?
Admin
sounds like someone built SQL from a string and forgot to add ' around the strings contained within the string.
for example: declare @string varchar(255), @search varchar(255) set @search = 'NULL' set @string = 'select * from table where name = '+@search exec sp_executesql @string (which would never return anything) humorous, but not inconceivable.
Admin
And how would someone search for "The Artist Formelly Known As Prince" in the days he used that weird symbol as his name. It's not even a unicode character, neither a symbol of WingDing font.
Admin
The name's Null, Dev Null!
Admin
...Spock You-Couldn't-Pronounce-It
Admin
It was easy, you searched for "Prince" and you got everything that had his prior discography and everything under "formally known as Prince". Remember, unofficially everyone still called him "Prince" or "The Artist", the name change was purely for legal purposes.
Admin
A friend of mine has the email address null@<domain>.<tld> You can't imagine how much test-emails he receives, including ones that contain real user names and passwords. People assume that 'null' is a non-existing email adres so they expect their test-emails to bounce. Which they don't....
Admin
The Satanic Dr. Null.
Admin
The dietician Gary Null has a radio show on Pacifica (which I would not recommend).
The archetype for this one is Jon Bentley's story in one of the Programming Pearls books about the APL program that failed whenever it hit the Ecuadorean data set. Alas, the capital of Ecuador is Quito, a prefix of the magic token Quit.
Admin
I can get to the site, because I work there. It's not true. The only way to get Mr. Null to come up in the search results is to enter "Null" in the name. The submitter did so and then deleted it before grabbing a screen shot. So, whoever you are, you're a liar.
Admin
Having worked for CardinalHealth before the phonebook website does not allow empty fields, although Dr. Null is a real person. This is fake. There are quite a number of WTF's here though. Ask me about the VB ap connecting to the Oracle database running a query to pull data from an SAP application...yeah...
Admin
Actually, this is not a search for a doctor - this is our internal phone book (Cardinal employee's). Still, rather disappointing...
Admin
Does your last name start with K?
Admin
At this point I'm kinda amazed at the number of Cardinal employees/contractors who read WTF. Hello all! ::waves invitingly::
Admin
Admin
is there a 5-5-5 haiku I don't know about?
I thought it was 5-7-5
Admin
I think this is fake to be honest I can't see how this can be implemented. Null = null evals to false... so for a real null to be there then nothing should be returned..
Admin
Precision: There are no magic tokens or reserved words in APL itself, so it must have been in the application.
Admin
Admin
Yep, it is supposed to be 5-7-5, though it is also supposed to allude to the natural world and/or a season, if you want to get really picky...
Admin
After some thought this is a pretty good WTF. It's "Null". "Null" or "NULL" should NOT equal NULL
Admin
Wow, paranoid much? Consider this - in the R&D building where I work, everyone gets in around the same time in the morning, and most of us have WTF as one of our start pages.
Admin
Ha! I was shocked to see this as I just left the company. (my job moved to dublin! rat bastards!)
./wave at all my fellow ex-coworkers...
aren't you all supposed to be fixing something?
Naaa... it's a big company that stays behind the scenes for a HUGE amount of medical stuff. It's spread out all over the place so lots of IT.
Admin
Null, Mr. Bond, I expect you to die!
Admin
Admin
RSS readers all update at roughly the same time and since we all freaked when we saw it....
Admin
Hello, I'm doctor "; DROP TABLE; pleased to meet you.
Admin
Well done, you just made me spit tea all over my laptop screen.
Admin
Working with the UK NHS directory, it was said that there were quite a few of "Dr. Death" in the list; five or fifty, depending on who was telling the story. For some reason this got a laugh.
Admin
Either the submitter, Michael, was lying, or he was being very disingenuous in his submission.
A quick look at the source for this page reveals:
Quick search: if(input == null || input == ""){
Detailed search: if((fn == "") && (ln =="") && (location == "") && (business =="")){ alert("Enter a value for Detailed Search"); document.form9.firstName.focus(); } else{ if(noInvalidCharFn(fn)){ fnValid=true; if(noInvalidCharLn(ln)){ lnValid=true;
And no, submitting with only spaces in either the quick search or the detailed search textbox fields does not work, either. The noInvalidChar* routines trim whitespaces and validate that the resulting string is not empty.
The only way he could have submitted a search request with no parameters would be to have modified the JavaScript code to disable this check locally, or performed some sort of submission trickery that a typical user would not be able to do. I personally did not bother to go out of my way to test this, but it's reasonable that bypassing the JavaScript check might result in a small issue like this. Hardly a WTF.
There is also the very unlikely possibility that the page was corrected between Michael's screenshot and when the first CH employee attempted to confirm the result. I sincerely doubt such an important page would be updated with such thorough validation routines so quickly, however.
I'm actually more curious as to why Michael would be searching for his doctor on an internal company phone book that I hope is not accessible to the public, however.
This story was almost certainly fabricated, and makes me wonder about other stories on this site. Though you can't blame Jake, as he would obviously not be able to personally verify this himself before accepting the submission ...
Admin
Huh, wouldn't entering an invalid character result in nothing happening? Or did you leave out an else?
Anyway, does the site actually claim anywhere that the articles are guarenteed to be real? Aren't these stories just supposed to be entertainment? If an occasional fictional story passes through, so what?
Admin
Nah. Sorry, I didn't want to post the source to the entire non-public page here. If you fail that test, it just returns "no records found" and doesn't actually search anything.
The only way this would be an issue is if the site is performing loose SQL queries based on the search strings, hoping that JavaScript filters the strings safely, but the backend should at least be protected against escape quotes. I hope. I don't have access to that to tell you, though.
Admin
For those who don't know, Null is a last name shared by 0.003% of all Americans. In 1990 it was the 4509th most popular last name.
Admin
Just a thought: what if you disable javascript? Does the form stil get submitted?
Admin
Is it too late to have my name changed to Mr. No Carrier?
Admin
I searched two days ago for Null Null in the whitepages (purely coincidental!), and found some people .
Is Null really a surname, or is it problems when merging some databases?
Admin
I figure this is possible if the backend DB is Oracle. After all, Oracle thinks NULL and the empty string are equal, doesn't it?