- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
No, its the second TRIM function he wrote.
There is a TRIM :)
Admin
Correct, it is cut and paste from page to page.
It's defined about 8 times.
Whats better, is than on many pages there is a standard include of javascript libaries.
These libraries also has an implementation of this kind of validation (although better)
Admin
Nuthin' to feel guilty about. JavaScript is proprietary. Netscape owned JS and gave it to the Mozilla project, so whatever works in Moz is JavaScript, whether in draft or in standard. 'Twas a triumph, not a failure, of empiricism.
Admin
It does indicate how it's different! It must trim twice. There must be a limit to the amount of whitespace TRIM can remove, thus doing it twice is better. [:D] [:D] [:D]
Admin
It takes a form control and modifies it willy-nilly in cruel defiance of object-orientation, but just to be a real bastard, it NEVER bothers to check whether it's a text-based control or any kind at all. It's more than happy enough to spam javascript errors all around when someone tries to pass anything else.
Admin
Admin
Open your eyes yourself! The matter has already been discussed.
As for Mozilla, it actually implements the current ECMAscript standard, which coincides with Netscape's Javascript 1.5 specification, except it's... well... standard. IE and Opera implement their own idea of what Javascript should be. A pretty bad idea, too...
Admin
Capitalization really? Capitalization nobody ever told me that. Capitalization damn.
Admin
-- Simon wrote: -- 2 - hardcoded character values
No, I'm not suggesting that. Anything but that :)
What I am suggesting is that they should have used either the methods already available for determining if a character is, in fact, a letter / number, or have used a regexp.
But that's one of the lesser of the WTFs in this post.
The biggest one has to be "how in gh0d's name did they pass the job interview?"
As for the interminable arguments over the WTFness of hungarian notation - well, one can never have too many flamewars.
Simon
Admin
Dont you mean doing ANYTHING other than returning true if alphanumeric, and false otherwise? It shouldn't be showing alerts AT ALL (or modifying values... et cetc), that's the job of the caller :) This person may aswell have called the function "wtfDoSomethingThatDoesntMakeSense(ctrl)".
Admin
I'd hate to see the bfIsUnicode( cfield ) function... :-o
Admin
Ok, not read any comments yet....
so, here goes.
1 Function returns no value.
2 side effect of trimming the value within the cfield object
3 side effect of converting the cfield to uppercase, though this could be lumped in with 2.
4 didnt know "@@@@" was a valid alphanumeric string, but thats just me
5 function side effect of outputing error message. surely this would be more usefully done in the caller as the caller knows the name of the field and can tell the user which one.
6) the whole if ( and and and and and and ) is orrible, could understand it if they where worried about non-standard character encoding... but if soo... isalnum() (if this is C) or
string.match(/[\a\d]+/) (if its javascript, and now you don't need that charloop) would be a useful first step.
7) if this is used as part of the validation of form fields on an "ok" button click, it may iterate across many fields warning about each one in turn (giving horrible user impression) leaving the user with no opportunity to fix the error between each message. so the user ends up being positioned at the last one checked and found wrong and has to backtrack through each one in turn.
8) if the user has mistyped and included an invalid char in an otherwise valid and large string, this large string is removed and the user has to type it all again (while cursing the software)
9) routine accepts an empty string as alphanumeric. may be a WTF, may not...
10) routine will reject "european characters", but lets not go there...
I have been guilty of (7) myself, but the investment of time required for the inhouse app to handle this problem in an elegant fashion was something I didnt have.
Admin
It will only report the first one, as after that the field value is cleared and the loop will terminate.
Admin
Not 100% sure of the Javascript "API" but shouldn't substr(i,1) be substr(i,i+1)? (with something to make sure i+1 < len)?
Admin
JacaScript has a string object.
http://www.w3schools.com/js/js_obj_string.asp
String.charAt(i)
Admin
Maybe not a WTF, but what is the user base for this application?
"Only Alphanumeric are allowed."
Is Aunt Thelma going to know what the hell that means?
And for that matter, is it really a good idea to force-validate an email address anyway? I mean, it's one thing to tell the user (in so many words), "I think you've an incorrect character there, but if that's what your email really is, okay," and quite another to insist, "you vill conform to our (broken) idea of what an email address should be!" I mean, it's not like you can prevent all or even most nonfunctional email addresses a user is likely to enter. Chances are, most typos are going to be more like:
[email protected]
And I bet this was a required field. There goes a potential customer.
--RA
Admin
for ( i = 0 ; i < cfield.value.length ; i++)
{
var n = cfield.value.substr(i,1);
if ( n != 'a' && n != 'b' && n != 'c' && n != 'd'
....
&& n != '_' && n != '@' && n != '-' && n != '.' )
{
window.alert("Only Alphanumeric are allowed.\nPlease re-enter the value.");
cfield.value = '';
cfield.focus();
}
cfield.value = cfield.value.toUpperCase();
}
return;
}
I don't work in Javascript often but I'm certain that the cfield.value.length is evaluated on the first loop and then isn't changed. I guess you could try it in an IDE and step through and see if this is true but I know we were caught with this in massaging a string to remove certain characters and ended up with an error.
Admin
English was the programmers second language.
Admin
He was recruited from University.
To his credit, he delivered several major apps for the company on time and they all did work (you might not like the way they work, but they work)
Its just a cautionary tail on having unsupervised juniors working alone and letting them develop their own 'unique' style.
Programming truly is an art that requires constant attention, and not just something you learn and then apply.
Admin
{Admin
That one is easy. They were the only one who looked comfortable in the suit they wore to the interview. This is always a more important factor than any ability in places that require a dress code.
Admin
Ah, by "hardcoded" you meant checking every single letter individually. Maybe he was trying to do some loop unrolling of some sort....
Admin
Ah, and everyone should know not to end a sentence with a preposition :)
"Placement on the period of that last sentence depends on the country in which you live."
Admin
That is the sort of nonsense I will not put up with up with which I will not put.
Admin
Alot of people seem to have missed that on each iteration, not only does it convert to upper case but it converts the entire string to uppercase...WTF?!
Also, why is he wasting so many ops with the substr method instead of just using classic indexing to grab a single character?
window.alert("stupid"[5].toUpperCase())
Admin
most definitely, but would you expect the genius that wrote the gem above to be able to write logic for validating an e-mail address?
Admin
My point is, from the author's code you can't tell what he was trying to do. If his intent was to make sure the characters are alpha or numeric then he screwed up, if he was trying to determine whether the entire field is alpha or numeric he's a micrometer closer to being right. I probably picked the wrong post in the thread to reply to (my language skills were not working very well yesterday).
Admin
From Mozilla's "standard":
Yeah, standard...
Admin
If only finding the WTF's were as easy as actually locating the stolen Scream...
OTOH, solving this case will actually make you quite a bit of money.
Admin
Freshman to Princeton upperclassman: "Do you know where the library is at?"
Upperclassman: "Sir, at Princeton, we don't end our sentences with a preposition."
Freshman: "Ok. Do you know where the library is at, asshole?"
Admin
JavaScript 2.0 doesn't even exist yet, and its a huge topic of debate in the mozilla community. In fact, JavaScript 2.0 and the ES4 proposal were completely thrown out the window a few years ago, and only recently have they decided to take a second look at the work done tward these proposed language additions.
However, JavaScript 2.0 and the proposed ESR4 changes largely implement a series of notes published by the W3C they called "Spice". Currently, a sub/super set of these changes are implemented in MS's JScript.NET. Many of the changes create quite substantial issues (Such as two conflicting object models) that have stopped the work on JavaScript 2.0 several times over. And in my honest (and fortunately not ONLY mine) opinion, alot of these ideas aren't that great. They largely provide alternative syntax and semantics for existing (and actually, more flexible) functionality. And if JS2.0 and the current ES R4 proposal are passed up, some of the mechanisms added to ecma script through these new conventions should probably be added elsewhere in the language.
Back to the point, JavaScript 1.5 is all you can worry about because JavaScript 2.0 doesn't really exist aside from as a series of notes, discussions and proposals. So his statement is still true. And if you would have went to ecma-international.org and looked at the ECMA-262 specification you would see that revision 4 also does not exist.
Admin
JS 2.0 is not a standard yet... [:^)]
Is it documented in JavaScript1.2?
Admin
Then you'd need an event handler in the HTML code for each form element to trigger the validation when it loses focus. And, since focus is given back to the form control when validation fails, once the user enters a field, he cannot leave it until he enters an acceptable value.
It could be called by another function that only gets called when the form it submitted. Presumably, the calling function would call this function for each element that needs to be validated. But, since this function returns nothing, there is no way for the caller to know that a field failed to validate. If multiple fields are invalid, the function would just turn out multiple alerts -- none of which actually tell the user which field is invalud -- and the user would have to examine the form to see which fields had become unfilled in order to determine where the problem lies. That would especially suck if the form had many fields which were allowed to remain blank.
Admin
Actually, it returns a double of value: -1.229999999999999982236431605997495353221893310546875
Admin
So? Does nobody do quality control at the company? Sheesh.
Admin
No, it doesn't return anything nor does it need to. cField is obviously a form field and as such it's acting on it directly. isAlphaNumeric is probably a bad function name. It may have started out that way, but eventually it must have evolved but not renamed.
The rest, I can't argue with. :)
Admin
I say blame him...not her. There are precious few of us around to be blamed for things like this.
Admin
Ok, one thing a lot of you people are saying, which is TICKING ME OFF: the idea that one should determine whether a character is alphanumeric by an inline ASCII value comparison.
AAAARGH, DON'T DO THAT! Get it into your heads: characters are not numbers. First of all, even if you do the wrong numeric comparison implementation, hide it away in some sort of isAlphanumeric() function—at least then it's easy to change to something internationalized.
Admin
WTF? It can be http://education.yahoo.com/reference/dictionary/entry/reenter
IMNSHO, it should be, just so the double-e doesn't look funny.
Admin
The thing is that because it doesn't return true or false, it cannot properly influence the submission of the form. return; either does nothing, in which case the form ALWAYS submits, or it returns null which evaluates to false which will ALWAYS stop the form.
So I'm assuming that clearing the field ensures that the actual validator picks up on the empty field and puts false in onsubmit.
This function doesn't return anything useful, and only acts on the field.
If I were this guy's mentor, I'd put a frown on my face, say "Everything is wrong.", select the code and delete it.
Admin
I didn't say can not, I said should not.
Reenter is the primary (preferred) spelling. Otherwise it would be "re-enter also reenter" not the other way 'round.
I don't think it looks all that funny...re is such a common english prefix. If it was confusing, I'd prefer to use a diaresis rather than a hyphen to distinguish the hiatus from the diphthong.
Admin
JavaScript 2.0 is as "standard" as any JS version ever will be. JavaScript is a proprietary language belonging to Netscape Communications Corporation and currently developed and administered by Mozilla.Org. Netscape/Mozilla are free to publish any language spec they want, and JavaScript 2.0 is the current version of the language. JavaScript 1.2 was also proprietary, and has never been published as an industry standard.
The only active language standard relating to JavaScript-like languages is ECMA-262 (ECMAScript Language Specification). The language core of ECMAScript describes most, but not all, of Netscape's JavaScript 1.2, since JS 1.2 includes not only the core language but the object bindings as well.
Most, but not all, of the language enhancements introduced in subsequent versions of JavaScript have been submitted to ECMA for consideration in a new version of their standard. JavaScript currently implements all of ECMAScript, but it is not limited to ECMAScript.
Microsoft's JScript also implements all of ECMA 262. Internet Explorer does not run any version of JavaScript -- it is legally prohibited from doing so. Coincidentally, though, JScript is a very similar language, and the JScript runtime can interpret text tagged as JavaScript almost as if it were native JScript.
Most "off-brand" browsers fully support ECMAScript, so if you want to code cross-browser UIs, you should be using ECMAScript, not any flavour of JavaScript.
Admin
One thing still, this is client side data validation. One should never trust it, and if you want to do it properly, you still have to perform the data validation server side. Therefore javascript validation is not necessary in most cases.
Just remember to save all the form posted values on error and include a good problem specific message to tell the user what went wrong there.
Admin
Client-side validation is a Good Thing, not because it can actually prevent bad data from making it to the server, but because it responds much faster than server-side validation (it should be immediate if written well, which is a great user benefit) and minimizes the number of round-trips that may be required (reducing the load on the server and minimizing bandwidth). That doesn't mean that you can get away without validating server-side, but server-side validation doesn't mean you shouldn't validate client-side. That's deliberately designing an app to be slower and require more hardware than necessary.
Admin
+1.
Server-side validation is a security feature.
Client-side validation is a performance enhancement. (Or a user convenience, if you want to look at it that way.)
Both have value.