• Andy (unregistered) in reply to Jim Fell
    Jim Fell:
    mystery:
    Try as i might, i can't think of a way to make this worse.

    Also FRIST

    return (bool)(valid == "true");

    ReferenceError: bool is not defined

  • (cs) in reply to Ken B.
    Ken B.:
    mystery:
    Try as i might, i can't think of a way to make this worse.
    Don't use indexOf(), and use a nested for-loop instead.
    Pretty sure that that's how indexOf works internally anyway, so the algorithm is already quadratic and your suggestion would in fact be marginally more efficient as you've saved the procedure call overhead by effectively inlining indexOf.
    Ken B.:
    Or, "better" still, don't hard-code the list of "invalid" characters, and query an SQL table instead of indexOf().
    That still works though!
  • Mike (unregistered) in reply to boog
    boog:
    frits:
    Oh boo hoo. Do you want some cheese with that whine? Why would something this easy to fix bring tears to your eyes?
    Tears of joy, perhaps?

    Or perhaps tears of laughter.

  • (cs) in reply to snoofle
    snoofle:
    To be fair, given the sheer volume of problems most developers seem to have with booleans (as evidenced by articles on this site), I can empathize with someone using strings to represent truth.
    So they can replace the boolean problems with boolean string representation problems?
  • Doug (unregistered)

    I love how the submitter's own name should fail the check. How appropriate.

  • Could I Bother You to Recharge My Zune? (unregistered) in reply to Mike
    Mike:
    boog:
    frits:
    Oh boo hoo. Do you want some cheese with that whine? Why would something this easy to fix bring tears to your eyes?
    Tears of joy, perhaps?
    Or perhaps tears of laughter.
    Maybe it's the tearing ass-pain from the vicious sodomy this code unleashes on one's sense of programming decency. When your boss tells you to leave it alone, it feels like your dick was lopped-off by a flat rock covered with fire ants.

    Why didn't anyone else think of that?

  • Could I Bother You to Recharge My Zune? (unregistered) in reply to PedanticCurmudgeon
    PedanticCurmudgeon:
    snoofle:
    To be fair, given the sheer volume of problems most developers seem to have with booleans (as evidenced by articles on this site), I can empathize with someone using strings to represent truth.
    So they can replace the boolean problems with boolean string representation problems?
    It's like the RapeEx. Put one in your puss and it wont get touched, but now he's just going to fuck your ass, and it's not like he's prepared with lube!
  • jverd (unregistered) in reply to mystery
    mystery:
    Try as i might, i can't think of a way to make this worse.

    "There is no problem in computer science that cannot be solved with another level of indirection". Including the problem of horrible code not being horrible enough.

  • (cs) in reply to PedanticCurmudgeon
    PedanticCurmudgeon:
    snoofle:
    To be fair, given the sheer volume of problems most developers seem to have with booleans (as evidenced by articles on this site), I can empathize with someone using strings to represent truth.
    So they can replace the boolean problems with boolean string representation problems?
    Whoosh....
  • iToad (unregistered) in reply to QJo
    QJo:
    Cishuman:
    But then, I'm going to think: you can't forbid space as a valid character, we're in the 21st Century!
    And? What is it about the new millennium that makes users believe that they are entitled to the use of their space bar?

    Really, they should be thankful that they are allowed to use capital letters - and they should remember, that's a privilege, not a right.

    Excuse me, it's you perishing kids insist on being able to use lowercase in your programs who are the upstarts. When I started programming, lowercase hadn't been invented.

    In my case, this may be literally true. I don't remember lower case being available on an IBM 026 keypunch, much less any of these other weirdo characters. Now I feel old.

  • nagesh (unregistered) in reply to mjk340
    mjk340:
    Take in an array of strings, display it in a command prompt using echo, take a screen shot, send it to the printer, have an intern black out the bad characters with a sharpie, take a picture of the printout on a wooden table, convert the jpg to pdf, OCR in Adobe, and build a blacklist by removing the characters found on the page from the complete list of unicode characters.

    plz email me teh java codez. i have impartan tclient. thx :)

  • (cs) in reply to nagesh
    nagesh -faker:
    mjk340:
    Take in an array of strings, display it in a command prompt using echo, take a screen shot, send it to the printer, have an intern black out the bad characters with a sharpie, take a picture of the printout on a wooden table, convert the jpg to pdf, OCR in Adobe, and build a blacklist by removing the characters found on the page from the complete list of unicode characters.

    plz email me teh java codez. i have impartan tclient. thx :)

    Wow! I am flatered that you are chosing to impersunate me only. has nobody else catch your fancie?

  • Nagesh (unregistered) in reply to Nagesh
    Nagesh:
    nagesh -faker:
    mjk340:
    Take in an array of strings, display it in a command prompt using echo, take a screen shot, send it to the printer, have an intern black out the bad characters with a sharpie, take a picture of the printout on a wooden table, convert the jpg to pdf, OCR in Adobe, and build a blacklist by removing the characters found on the page from the complete list of unicode characters.

    plz email me teh java codez. i have impartan tclient. thx :)

    Wow! I am flatered that you are chosing to impersunate me only. has nobody else catch your fancie?

    It is u who is faker, haker schoolboy. Everyone noes it now.

    Evne basterd askimet is being with me on this one.

  • (cs) in reply to snoofle
    snoofle:
    PedanticCurmudgeon:
    snoofle:
    To be fair, given the sheer volume of problems most developers seem to have with booleans (as evidenced by articles on this site), I can empathize with someone using strings to represent truth.
    So they can replace the boolean problems with boolean string representation problems?
    Whoosh....
    Sorry, my sarcasm detector was broken by excessive trolling.
  • Combo Break (unregistered)
  • Larry (unregistered) in reply to frits
    frits:
    Oh boo hoo. Do you want some cheese with that whine? Why would something this easy to fix bring tears to your eyes?
    Because code like this makes the Baby Jesus cry, and that means no presents for Christmas, which in turn makes me cry.
  • (cs) in reply to Nagesh
    Nagesh -fake:
    Nagesh:
    nagesh -faker:
    mjk340:
    Take in an array of strings, display it in a command prompt using echo, take a screen shot, send it to the printer, have an intern black out the bad characters with a sharpie, take a picture of the printout on a wooden table, convert the jpg to pdf, OCR in Adobe, and build a blacklist by removing the characters found on the page from the complete list of unicode characters.

    plz email me teh java codez. i have impartan tclient. thx :)

    Wow! I am flatered that you are chosing to impersunate me only. has nobody else catch your fancie?

    It is u who is faker, haker schoolboy. Everyone noes it now.

    Evne basterd askimet is being with me on this one.

    Wow, fletary like that will get you everywhere! What do you want my # 1 stalker?

  • (cs) in reply to PedanticCurmudgeon
    PedanticCurmudgeon:
    snoofle:
    PedanticCurmudgeon:
    snoofle:
    To be fair, given the sheer volume of problems most developers seem to have with booleans (as evidenced by articles on this site), I can empathize with someone using strings to represent truth.
    So they can replace the boolean problems with boolean string representation problems?
    Whoosh....
    Sorry, my sarcasm detector was broken by excessive trolling.

    Too much troling hapening over here, since I signed and registered.

  • (cs) in reply to Larry
    Larry:
    frits:
    Oh boo hoo. Do you want some cheese with that whine? Why would something this easy to fix bring tears to your eyes?
    Because code like this makes the Baby Jesus cry, and that means no presents for Christmas, which in turn makes me cry.
    So what you're saying is "When King Diamond Sings, Baby Jesus cries"?
  • Jack (unregistered) in reply to DaveK
    DaveK:
    Ken B.:
    Don't use indexOf(), and use a nested for-loop instead.
    Pretty sure that that's how indexOf works internally anyway, so the algorithm is already quadratic and your suggestion would in fact be marginally more efficient as you've saved the procedure call overhead by effectively inlining indexOf.
    Bah! One loop pulls a character at a time off the string (well actually just sets a pointer to it) then you have a computed goto depending on the binary value of the character. It branches into a table of 256 additional branches that end up at either "true" or "false". So, only one loop.
  • python-validaTION (unregistered)

    from string import ascii_letters

    # Allowlist: ASCII letters plus the digits 0-9
    VALID = set(ascii_letters + "".join(str(i) for i in range(10)))

    def valid_name(subfolder):
        # True only if every character is in the allowlist
        return all(c in VALID for c in subfolder)

  • Scott (unregistered)

    I wouldn't have cried. My first reaction would be to yell out:

    "áàããäéèêëíìîïóòõôöúùûüçñ"

    My second reaction would be to curse up a storm:

    "!"#$%&\/=?'»«}{[]§£@,;.:-`´^~<>"

  • (cs) in reply to Bob's Son
    Bob's Son:
    Bob:
    frits:
    Oh boo hoo. Do you want some cheese with that whine? Why would something this easy to fix bring tears to your eyes?

    Errr, you are aware that this is thedailywtf?

    Dad, what does the word "retarded" mean?

    Pedantically regularly new articles, Akismets adjusted to 11 and answers to above's comment get censored?

    Has Alex himself turned into a Bronie now?

    Addendum (2011-11-16 15:08): Are we talking about this "free scotch" then?

  • Topper (unregistered)

    TRWTF is the commented attempt at regex blacklist foiled by an extraneous backslash before the closing bracket

  • (cs) in reply to no laughing matter
    no laughing matter:
    Has Alex himself turned into a Bronie now?
    Indeed. It seems every day is Mandatory Pony Day.
  • (cs) in reply to Ken B.
    Ken B.:
    mystery:
    Try as i might, i can't think of a way to make this worse.
    Don't use indexOf(), and use a nested for-loop instead.

    Or, "better" still, don't hard-code the list of "invalid" characters, and query an SQL table instead of indexOf().

    Define an Enum for each letter, and define two booleans on each one, "valid" and "invalid", and then you can do a string comparison with each one in turn, and if it matches the particular Enum you're looking at, see whether the "invalid" flag is set. If so, ignore that letter. If the "invalid" flag is not set, check the "valid" flag is set. If it is, include that letter.

    That's a really good solution because then if you get another letter you think of, like if they invent a new letter of the alphabet, you can add it in by just adding it as another case in your Enum.

    I mean, for fuck's sake, why overcomplicate this stuff by bringing in SQL and regexps?

  • (cs) in reply to Larry
    Larry:
    frits:
    Oh boo hoo. Do you want some cheese with that whine? Why would something this easy to fix bring tears to your eyes?
    Because code like this makes the Baby Jesus cry, and that means no presents for Christmas, which in turn makes me cry.
    Code like this would even make Lisa Simpson cry, and that always makes *me* cry.
  • Some damn Yank (unregistered) in reply to Mmmpf
    Mmmpf:
    But then, I'm going to think: you can't forbid space as a valid character, we're in the 21st Century! And if I start with this, are period and forward slash valid characters? It's going to lead me on the article about path on Wikipedia, I'm going to lose one hour reading it, which will lead me to try to get to know what OS I'm running on, and soon I'll find myself reading the POSIX spec for answers.
    The article comes right out and says that only 0-9, a-z, and A-Z are allowed. No space. No period. No forward slash.

    Since the list of what's allowed is so much shorter than what's not allowed, the real WTF is trying to maintain a list of what's not allowed. If it was up to me, I'd fill a 62 value array with 0-9,a-z,A-Z. I'd have an outer loop that steps through the string one character at a time, and an inner loop that steps through the array one by one looking for a match with the character from the outer loop. I'd have an outer counter that I'd increment for each step through the string, and an inner counter that I'd increment each time the inner loop got a "hit". Then I'd compare the counters. If they match, all characters in the string are good; if they don't match, at least one character is bad. There, fixed and still wrong! :-)

  • (cs) in reply to Lockwood
    Lockwood:
    Pim:
    Sean Ellis:
    Ðid ÿøµ knøw, thåt ®øµtine wøµld håve thøµght this cømment was À-ÕK.

    No, it contains a comma and a period.

    ˙llǝʇ uɐɔ I sɐ ɹɐɟ sɐ 'ǝlqɐʇdǝɔɔɐ ʎlʇɔǝɟɹǝd ǝq plnoʍ ʇuǝɯɯoɔ sıɥʇ 'ɹǝʌǝʍoH

    Apostrophes?

  • (cs) in reply to snoofle
    snoofle:
    boog:
    frits:
    Oh boo hoo. Do you want some cheese with that whine? Why would something this easy to fix bring tears to your eyes?
    Tears of joy, perhaps?

    I will point out however that one thing seems like it might not be as easy to fix: the return type - you'd likely have to fix everywhere the function is called.

    To be fair, given the sheer volume of problems most developers seem to have with booleans (as evidenced by articles on this site), I can empathize with someone using strings to represent truth.

    What's so hard about true, false, and file_not_found?

  • (cs) in reply to PiisAWheeL
    PiisAWheeL:
    snoofle:
    boog:
    frits:
    Oh boo hoo. Do you want some cheese with that whine? Why would something this easy to fix bring tears to your eyes?
    Tears of joy, perhaps?

    I will point out however that one thing seems like it might not be as easy to fix: the return type - you'd likely have to fix everywhere the function is called.

    To be fair, given the sheer volume of problems most developers seem to have with booleans (as evidenced by articles on this site), I can empathize with someone using strings to represent truth.

    What's so hard about true, false, and file_not_found?

    and what if they spell troo and faulse rong?

  • Who Knows (unregistered) in reply to Mmmpf

    Sounds like someone has been reading "If you give a Moose a muffin" - If you have not read this book you are missing out!

    Nothing is EVER as simple as anyone seems to think.

  • (cs) in reply to Who Knows
    Who Knows:
    Nothing is EVER as simple as anyone seems to think.
    I disagree. Most solutions are far more simple than the approach most people take.
  • duis (unregistered) in reply to Pessimiser

    I would add an ajax call on top of that, that does the same exact thing as far as validation (all those chars and all), just to double-check (with an excuse that JS can be hacked/changed by the user). Then I would repeat the server validation again when that input was finally posted to the server (as it's probably a part of some form). Then, I would act as no class should trust its input, so then I would include the same code on the top of every method that receives that value, including the sproc (or equivalent) at the database. As a bonus, maybe encrypt/hash it also, to make less possible to tamper with. In that case, I would possibly use the same function to force at least one of those chars to actually be a part of the encryption key. That's a code re-usage with there: using the same function but interpreting the result differently.

  • duis (unregistered) in reply to Pessimiser
    Pessimiser:
    How could this be worse?

    Take the input string, do a String.Split to break it into an array of characters. Have a predefined array of characters, then use LINQ to do a cross-join of the two arrays, then scan the cross-join for identities, ie where the two characters are the same.

    my previous comment was supposed to quote this one :)

  • Hater (unregistered) in reply to frits
    frits:
    Who Knows:
    Nothing is EVER as simple as anyone seems to think.
    I disagree. Most solutions are far more simple than the approach most people take.

    Thank God nobody listens to you ever, sucker

  • (cs) in reply to mystery
    mystery:
    Try as i might, i can't think of a way to make this worse.

    Easy: interpolate a polynomial, p(x) of degree 255 with p(x) = 1 if x is the code of a character to be accepted, p(x) = 0 otherwise (that’s 0.3257445245E-429 * x ^ 255 - 0.1059273072E-424 * x ^ 254 … - 0.5491952357E74 * x ^ 2 + 0.8985219766E73 * x), implement the beast, and call it with each character in subfolder until it returns 0 (reject), or you’re done with subfolder (accept).

  • (cs) in reply to Matt Westwood
    Matt Westwood:
    PiisAWheeL:
    snoofle:
    boog:
    frits:
    Oh boo hoo. Do you want some cheese with that whine? Why would something this easy to fix bring tears to your eyes?
    Tears of joy, perhaps?

    I will point out however that one thing seems like it might not be as easy to fix: the return type - you'd likely have to fix everywhere the function is called.

    To be fair, given the sheer volume of problems most developers seem to have with booleans (as evidenced by articles on this site), I can empathize with someone using strings to represent truth.

    What's so hard about true, false, and file_not_found?

    and what if they spell troo and faulse rong?

    If they were using boolean, then the application would throw an exception when it got compiled (syntax error). If they were using the string method (that they in fact are using) then the string compare would fail and it would assume that the directory contained invalid characters (logic error).

    The difference between a syntax error and a logic error is typically logic errors are a lot harder to track down. You spend 3 days in the debugger (estimate based on the sample of code provided) following your code to find out why "kitties" isn't a valid filename because you spelled "true" as "treu" in your string and it failed the compare check.

  • (cs) in reply to Who Knows
    Who Knows:
    Sounds like someone has been reading "If you give a Moose a muffin" - If you have not read this book you are missing out!

    Nothing is EVER as simple as anyone seems to think.

    Hang on a minute, careful. Muffin the Mule is a criminal offence. So is Dobbin the Donkey.

  • Serge (unregistered) in reply to Some damn Yank
    Some damn Yank:
    Since the list of what's allowed is so much shorter than what's not allowed, the real WTF is trying to maintain a list of what's not allowed.
    No, the real WTF is trying to maintain a list of what's not allowed in almost every circumstance, size of lists regardless. If you make a list of bad things, some hacker will always think of a bad thing you didn't. You should always make a list of things you know are good and reject everything else. I can't believe how many so-called professional programmers don't know this! </rant>
  • None (unregistered) in reply to boog

    Maybe you should go learn something about refactorization and text search...

  • (cs) in reply to m
    m:
    mystery:
    Try as i might, i can't think of a way to make this worse.

    Easy: interpolate a polynomial, p(x) of degree 255 with p(x) = 1 if x is the code of a character to be accepted, p(x) = 0 otherwise (that’s 0.3257445245E-429 * x ^ 255 - 0.1059273072E-424 * x ^ 254 … - 0.5491952357E74 * x ^ 2 + 0.8985219766E73 * x), implement the beast, and call it with each character in subfolder until it returns 0 (reject), or you’re done with subfolder (accept).

    Oh dear, and you were doing so well up to there. Instead, start off with a (double) value of 1, and multiply it by the result of the polynomial for each character in the input string (no early exit). When you've finished, use a floating-point equality test to see if the temp variable is equal to 1, and reject the input string if not. That way you can fail randomly on valid strings too, with the probability of failure increasing as the strings get longer.

  • Luiz Felipe (unregistered) in reply to Scarlet Manuka
    Scarlet Manuka:
    m:
    mystery:
    Try as i might, i can't think of a way to make this worse.

    Easy: interpolate a polynomial, p(x) of degree 255 with p(x) = 1 if x is the code of a character to be accepted, p(x) = 0 otherwise (that’s 0.3257445245E-429 * x ^ 255 - 0.1059273072E-424 * x ^ 254 … - 0.5491952357E74 * x ^ 2 + 0.8985219766E73 * x), implement the beast, and call it with each character in subfolder until it returns 0 (reject), or you’re done with subfolder (accept).

    Oh dear, and you were doing so well up to there. Instead, start off with a (double) value of 1, and multiply it by the result of the polynomial for each character in the input string (no early exit). When you've finished, use a floating-point equality test to see if the temp variable is equal to 1, and reject the input string if not. That way you can fail randomly on valid strings too, with the probability of failure increasing as the strings get longer.

    That is a nice use of chaos theory. I liked, +10.

  • (cs) in reply to Jack
    Jack:
    DaveK:
    Ken B.:
    Don't use indexOf(), and use a nested for-loop instead.
    Pretty sure that that's how indexOf works internally anyway, so the algorithm is already quadratic and your suggestion would in fact be marginally more efficient as you've saved the procedure call overhead by effectively inlining indexOf.
    Bah! One loop pulls a character at a time off the string (well actually just sets a pointer to it) then you have a computed goto depending on the binary value of the character. It branches into a table of 256 additional branches that end up at either "true" or "false". So, only one loop.
    Yes, it *could* be done that way, but it isn't, so you're wrong.

    (Also, javascript uses 16-bit UTF-16 unicode chars, so you'd need a table of 65536 branches. In both cases, a bitmap would probably be more efficient anyway.)
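
The allowlist point raised in this thread, combined with the bitmap lookup suggested just above, as an added example that is not code from the article or from any commenter. It makes a single pass over the UTF-16 code units and returns a real boolean; the blocklist contents, `MAX_LEN` and the sample strings are constructed for illustration.

```javascript
// Allowlist: only 0-9, a-z, A-Z are accepted, as the thread says the article requires.
const ALLOWED =
  "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";

// Four 32-bit words cover code units 0..127. Anything above 127 is
// rejected before the lookup, so no 65536-entry table is needed.
const BITMAP = new Uint32Array(4);
for (const ch of ALLOWED) {
  const code = ch.charCodeAt(0);
  BITMAP[code >>> 5] |= 1 << (code & 31);
}

const MAX_LEN = 64; // assumed length limit, not taken from the page

// Returns a boolean, never the string "true"/"false".
function isValidSubfolder(name) {
  if (typeof name !== "string") return false;
  if (name.length === 0 || name.length > MAX_LEN) return false;
  for (let i = 0; i < name.length; i++) {
    const code = name.charCodeAt(i); // one UTF-16 code unit
    if (code > 127) return false;    // non-ASCII, including surrogates
    if ((BITMAP[code >>> 5] & (1 << (code & 31))) === 0) return false;
  }
  return true;
}

// Constructed blocklist, for contrast only: ASCII punctuation and space.
const BLOCKED = " !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~";

function passesBlocklist(name) {
  for (let i = 0; i < name.length; i++) {
    if (BLOCKED.indexOf(name.charAt(i)) !== -1) return false;
  }
  return true;
}

// Constructed sample inputs: plain name, space, path separator,
// accented letter, fullwidth 'A', embedded NUL, empty string.
const SAMPLES = [
  "Reports2011",
  "my folder",
  "../etc",
  "caf\u00e9",
  "\uFF21BC",
  "a\u0000b",
  "",
];

// Runs both checks over the samples so the gaps in the blocklist show up
// as rows where blocklist is true and allowlist is false.
function compare(samples) {
  return samples.map((s) => ({
    input: s,
    blocklist: passesBlocklist(s),
    allowlist: isValidSubfolder(s),
  }));
}

console.table(compare(SAMPLES));
```

The last four samples pass the blocklist and fail the allowlist, because a blocklist only rejects what its author thought of.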

  • Time To Go Bed (unregistered)
  • (cs)
    I guess boolean values are magical, obscure beasts?

    Apparently so. So also are a few other things:

    Intelligence.

    The idea of using a white list of 36 characters, rather than a blacklist composed of a tiny subset of 65,500 characters.

    In closing, let me say that when I get on their site, my password is going to be:

    ĈØ¥ŅĘ¡¡¯§Ф¯†нễЯễ¡¡

  • Earp (unregistered) in reply to QJo

    I remember my Apple 2 e. Man, I felt superior to my II+ owning mates, with my fancy lowercase.

  • +9 (unregistered)

    I wonder how many non-programmers take programmer job positions. Okay, an infinite fuel supply for TDWTF :)

  • (cs) in reply to +9
    +9:
    I wonder how many non-programmers take programmer job positions. Okay, an infinite fuel supply for TDWTF :)

    At my last place, plenty. There was a teaching agency down the road that used to retrain broken-down old middle-managers into the fine art of FORTRAN programming, which they'd then conveyor-belt through our personnel department into our code-cutting boiler-house. Most never lasted that long - it was just a confidence-booster to get them back into the workforce - but the most useless of the lot stayed with us for considerably longer than they ought to have done.

    As you say, an infinite fuel for TDWTF. On my first week in the job I assembled an extensive file on programming stupidities as I found them, complete with amusing captions and witty one-liner putdowns, which is as far as I know still doing the rounds there.

    TRWTF is that I'm still thinking of that company in terms of "we" and "us".

Leave a comment on “Serious String Validation”
