Put the knife down and take a green herb, dude. (c) Ruffin Bailey 2001-2021

Caught this gem from the BBC via Michael Tsai's blog:

“We moved almost immediately after we got married so it came up practically as soon as I changed my name, buying plane tickets,” she says. When Jennifer Null tries to buy a plane ticket, she gets an error message on most websites. The site will say she has left the surname field blank and ask her to try again.

Instead, she has to call the airline company by phone to book a ticket – but that’s not the end of the process.

“I've been asked why I'm calling and when I try to explain the situation, I've been told, ‘there's no way that's true’,” she says.

Sorry to say I pulled a legitimate LOL as soon as I read her last name. Ouch.

But my reaction? Gosh, which websites and what horrible programmers? I mean, even if you're a two-equals coder (you should use three, natch) in JavaScript, the weakest place I could think of off-hand, null != "null", and you've got no problem.

And...

INSERT INTO Users (Name) VALUES ('Null') -- (as the result of a parameterized query)

... screwed up nobody ever. Which leads me to say...

This is not Little Bobby Tables.

This is stoopid.

We're all stoopid sometimes, but that's what this is. It's stoopid.

???

After a little more digging...

Seems I ran through the same steps in my head as the SO post the BBC includes, but the answer seemed obvious; this is the "worst case" I could think of going in...

The only reasonable workaround I can think of, short of fixing this bug in every damn version of ActionScript, is to test fields for "null" and escape them as CDATA values.

Well, duh. Though extend my sympathy for those who have a legacy system that still uses XML, not JSON. ;^)

What this really shows is...

There's waaaaaaay too much NIH syndrome in the enterprise
We're exceptionally bad at creating test cases
We need more imaginative coders.

If the name "Null" is still an issue three to six months from now, SHAME. No, ALL CAPS SHAME. FOR REAL. Horrible.

Wow. Seriously, I'm embarrassed for the profession. At worst, you needed to see why your client-side was "letting through" names that were empty so far that they got serialized to XML. Does nobody check the logs? Or are your logs so chatty you wouldn't see this error?

/facepalm

Labels: coding, fail, SQL

title: Put the knife down and take a green herb, dude.	descrip: One feller's views on the state of everyday computer science & its application (and now, OTHER STUFF) who isn't rich enough to shell out for www.myfreakinfirst-andlast-name.com Using 89% of the same design the blog had in 2001.
FOR ENTERTAINMENT PURPOSES ONLY!!! Back-up your data and, when you bike, always wear white. As an Amazon Associate, I earn from qualifying purchases. Affiliate links in green.
x MarkUpDown is the best Markdown editor for professionals on Windows 10. It includes two-pane live preview, in-app uploads to imgur for image hosting, and MultiMarkdown table support. Features you won't find anywhere else include... MarkUpDown Multiline Table & Bootstrap Grid support. Beautiful Easy Actions that keep the Markdown flowing. HTML paste to paste HTML source into your documents. You've wasted more than $15 of your time looking for a great Markdown editor. Stop looking. MarkUpDown is the app you're looking for. Learn more or head over to the 'Store now!

Friday, March 25, 2016
Jennifer Null is not Little Bobby Tables Caught this gem from the BBC via Michael Tsai's blog: “We moved almost immediately after we got married so it came up practically as soon as I changed my name, buying plane tickets,” she says. When Jennifer Null tries to buy a plane ticket, she gets an error message on most websites. The site will say she has left the surname field blank and ask her to try again. Instead, she has to call the airline company by phone to book a ticket – but that’s not the end of the process. “I've been asked why I'm calling and when I try to explain the situation, I've been told, ‘there's no way that's true’,” she says. Sorry to say I pulled a legitimate LOL as soon as I read her last name. Ouch. But my reaction? Gosh, which websites and what horrible programmers? I mean, even if you're a two-equals coder (you should use three, natch) in JavaScript, the weakest place I could think of off-hand, `null != "null"`, and you've got no problem. And... `INSERT INTO Users (Name) VALUES ('Null') -- (as the result of a parameterized query)` ... screwed up nobody ever. Which leads me to say... This is not Little Bobby Tables. This is stoopid. We're all stoopid sometimes, but that's what this is. It's stoopid. ??? After a little more digging... Seems I ran through the same steps in my head as the SO post the BBC includes, but the answer seemed obvious; this is the "worst case" I could think of going in... The only reasonable workaround I can think of, short of fixing this bug in every damn version of ActionScript, is to test fields for "null" and escape them as CDATA values. Well, duh. Though extend my sympathy for those who have a legacy system that still uses XML, not JSON. ;^) What this really shows is... There's waaaaaaay too much NIH syndrome in the enterprise We're exceptionally bad at creating test cases We need more imaginative coders. If the name "Null" is still an issue three to six months from now, SHAME. No, ALL CAPS SHAME. FOR REAL. Horrible. Wow. Seriously, I'm embarrassed for the profession. At worst, you needed to see why your client-side was "letting through" names that were empty so far that they got serialized to XML. Does nobody check the logs? Or are your logs so chatty you wouldn't see this error? /facepalm Labels: coding, fail, SQL posted by ruffin at 3/25/2016 11:33:00 AM

<< Older \| Newer >>