Ask Robert’); DROP TABLE Students; 's mum how it went.
Ah, little Bobby Tables we call him
I have an apostrophe and it’s super annoying as some companies see it as a SQL injection hack and sanitize it.
So I’ve received ID with Mc%20dole or they add a space in it. Or I’ll get a work email with an apostrophe but I cant use it anywhere because sites have it disabled. And I’ve missed my flight because I changed my ticket once to add the apostrophe and the system just broke at the gate.
Worse yet many flight companies have “you will not be able to board if your ID doesn’t exactly reflect your details” but their form doesn’t allow it. Even most forms for card payments don’t allow it even though it’s the name on my card.
Always worth posting this classic.
There’s also the version with examples if you want to know exactly what and why it breaks.
And the git that collects all of these in one place, if you want to really nerd out.
Been there, seen that, had to deal with it. Now add the problem that there are people who don’t know their birth date or not even the f-ing year they were born in. And I’m not talking about someone from a lost tribe at the Amazonas.
This is going to be bobby tables isn’t it?
Edit: It wasn’t?!
Lol I went through the exact same process.
Also relevant: https://www.wired.com/2015/11/null/
I have an apostrophe and it’s super annoying as some companies see it as a SQL injection hack and sanitize it.
My surname contains a character that’s only present in the Polish alphabet. Writing my full name as is broke lots of systems, encoding, printed paperwork and even British naturalisation application on Home Office website. My surname was part of my username back at uni, and everytime I tried to login on Windows, it would crash underlying LDAP server, logging everyone in the classroom out and forcing ICT to restart the server.
everytime I tried to login on Windows, it would crash underlying LDAP server, logging everyone in the classroom out and forcing ICT to restart the server.
Now that’s the way to do it! Make it everybody’s problem, not just yours.
%20 is encoded space if I remember right, so even then they were already incorrect
Yep, the apostrophe would be %27
So Mc%27dole
It sounds like maybe they sanitized the apostrophe to a space and then encoded it
Same shit with American custom forms. On the one hand, they threaten you with Armageddon if you fill out the form incorrectly, on the other hand, they only allow plain letters, numbers, and a handful of special characters. Nobody there has the capacity of the mind that maybe a name cannot be correctly represented with that tiny subset of characters. So it is simply impossible to fill out that form without breaking the law. And it is a customs form, so they should know that people filling it out are most likely foreigners.
you will not be able to board if your ID doesn’t exactly reflect your details"
Do they care about an apostrophe though? I can see any punctuation being a problem for systems.
I had to convince people to let me on board a plane because my name contain a swedish letter (å). Their computer system translated it into “aa”, which then didn’t match my passport.
Your name is transliterated in your passport? That’s on the Swedish authorities then.
No, my passport has my real name of course, with “å”. In the airport system and on the boarding pass my name was spelled with “aa”.
I’m amazed that none of your family members have run into the same problem. If I were you I would compare passports with my family.
That one I can actually see, having an extra letter that doesn’t match. Dropped punctuation or symbols (whatever the flair is called) though personally I wouldn’t care.
That’s the wrong way of looking at an å.
It’s not just an a with decoration. It actually has different pronunciation and is typically replaced with aa if no å is available. (I’m neither Swedish nor Norwegian, so not 100% sure, but it’s what happened to Erling Haaland).
Similarly, you would replace a German ä with ae. So if my name was Bäcker, it would be wrong to spell it Backer on a ticket. Baecker would be the way.
Yes I’m aware it’s not an a with decoration jfc. I’m saying for computer entries that garble things, I wouldn’t care about matching it up so perfectly (with dropped whatever those things are called) as to not allow someone to board a plane.
“Diacritics” is the word you are looking for.
And unfortunately the kind of people who decide whether people get to board a plane do care about that stuff.
Spent lots of effort to get names for my kids that avoid this. Swedish/French. It’s harder than it sounds.
I have an apostrophe
Scottish/Irish?
some companies see it as a SQL injection hack and sanitize it.
Which kind of apostrophe?
A straight apostrophe, fine - that can and does get used in valid SQL injection attacks. I would be disgusted at any input form that didn’t sanitize that.
But a curly apostrophe? Nothing should be filtering a curly apostrophe, as it has no function or use within SQL. So if you learn how to bring that up in alt codes (Windows, specifically), Key combos (Mac) or dead keys (Linux), as well as direct Unicode codes for most any Win/Mac/*Nix platform, you should be golden.
Unless the developer of that input form was a complete moron and made extra-tight validation.
Plus, knowing the inputs for a lot of extended UTF-8 characters not found on a normal keyboard is also a wee bit of a typing superpower.
… why are you putting an apostrophe in McDole? The O-apostrophe in Irish names is an anglicisation of Ó, eg. Ó Briain becomes O’Brien. Mac Dól would become MacDole/McDole.
Yeah fuck this guy for spelling his name the way it was given to him what an asshole
Probably some bureaucrat decades ago making an incorrect assumption that passed down through generations. Happened to my family. No Irish roots whatsoever, yet somehow we ended up with the annoying form-breaking apostrophe in our ‘legal’ name just because it begins with the letter ‘o’.
“Oscar??? Surely, you’re mistaken. I hereby decree your name to be O’Scar!” ~Arsehole circa 1937
Hey Militant Left, just because every question directed at you assumes you are an asshole, doesn’t mean the same applies to questions to other people
Once I was tasked with doing QA testing for an app which was planned to initially go live in the states of Georgia and Tenessee. One of the required fields was the user’s legal name. I therefore looked up the laws on baby names in those two states.
Georgia has simple rules where a child’s forename must be a sequence of the 26 regular Latin letters.
Tenessee seemed to only require that a child’s name was writable under some writing system, which would imply any unicode code point is permissible.
At the time, I logged a bug that a hypothetical user born in Tenessee with a name consisting of a single emoji couldn’t enter their legal name. I reckon it would also be legal to call a Tenessee baby 'John '.
Sounds like you did a thorough job as a QA tester. As a software engineer, I love to see it.
By the time the app was due to go live, we’d only reported bugs with the signup and login flows. This was misinterpreted as there only being issues with the signup and login flows, and the app launched on time. In reality, it was impossible to get past the login screen.
And then let me guess… Of course the QA testers get the blame, when in reality it’s either management or marketing that wanted to pushe the app out.
Blaming us would be too close to root-cause analysis for them even to consider. We weren’t normally QA testers, but they’d left it until too late to hire internal QA, so roped in the developers (us) from a SaaS vendor their app replied on as emergency QA.
im sure the devs tasked at fixing that bug loved u ;-)
Frontend devs hates this guy.
Still better than Jennifer Null I guess
“We call her Carrie, because of the carriage return.”
You can also try to give the child NULL as middle name for additional fun.
someone tried that with their license plate, it turned out well: https://www.wired.com/story/null-license-plate-landed-one-hacker-ticket-hell/
edit: archive link
I just realized that the shitty software on the other side of the divide is casting
null
to ”null", which absolutely explains that issue. What a clusterYeah, I love to rag on languages with weak typing, because of the potential for a bug, but seeing it play out in reality, directly with user input, that’s certainly something else.
Oh no, it gets worse:
Prank or not, Tartaro was playing with fire by going with NULL in the first place. “He had it coming,” says Christopher Null, a journalist who has written previously for WIRED about the challenges his last name presents. “All you ever get is errors and crashes and headaches.”
Archive link: https://archive.ph/o/Foe1r/https://www.wired.com/2015/11/null/
He is being too nice. He needs to get a lawyer and sue that shitty company for harassment and whatever else.
ETA: The US isn’t overly litigious. We are under litigious if anything.
Large corporations are overly litigious. Individuals can’t afford to be litigious enough.
Hey “java.lang.NullPointerException” can I borrow your pen?
Ca\r\rie
It’s impossible to represent that on paper. It could be misrepresented as a specific number of spaces. Depending on the position on the paper, it may also be hard to tell if the carriage return comes with the line feed. Unless you want the document to be in ASCII or EBCDIC hex, it’s like writing an ambiguous math problem where the answer is different depending on how you were taught about the order of operations. Don’t do this to your kid, Abcde.
There are a frightening number of systems that don’t allow “-”, which isn’t even an edge case. A lot of people - mostly women - hyphenate their last names on marriage, rather than throw their old name away. My wife did. She legally changed her name when she came of age, and when we met and married years later she said, “I paid for money for my name; I’m not letting it go.” (Note: I wasn’t pressuring her to take my name.) So she hyphenated it, and has come to regret the decision. She says she should have switched, or not, but the hyphen causes problems everywhere. It’s not a legal character in a lot of systems, including some government systems.
It boggles my mind how so many websites and platforms incorrectly say my e-mail address is ‘invalid’ because it has an apostrophe in it.
No. It is NOT invalid. I have been receiving e-mails for years. You just have a shitty developer.
worst thing is, the regex to check email has been available for decades and it’s fine with apostrophies
Well, and remember: If in doubt, send them an e-mail. You probably want to do that anyways to ensure they have access to that mailbox.
You can try to use a regex as a basic sanity check, so they’ve not accidentally typed a completely different info into there, but the e-mail standard allows so many wild mail addresses, that your basic sanity check might as well be whether they’ve typed an
into there.
The regexes are written to comply with RFC 5332 and 6854
They are well defined and you can absolutely definitively check whether an address is allowable or not.
Yeah, I’m just saying that the benefit of using such a regex isn’t massive (unless you’re building a service which can’t send a mail).
a@b
is a syntactically correct e-mail address. Most combinations of letters, an @-symbol and more letters will be syntactically correct, which is what most typos will look like. The regex will only catch fringe cases, such as a user accidentally hitting the spacebar.And then, personally, I don’t feel like it’s worth pulling in one of those massive regexes (+ possibly a regex library) for most use-cases.
There are many regexes that validate email, and they usually aren’t compliant with the RFC, there are some details in the very old answer on SO. So, better not validate and just send a confirmation, than restrict and lock people out, imo
The article you just mentioned in the comments includes both a completely reasonable and viable regex and binary and library alternatives that are in most languages.
Reasonable and viable ≠ RFC compliant
This quote summarises my views:
There is some danger that common usage and widespread sloppy coding will establish a de facto standard for e-mail addresses that is more restrictive than the recorded formal standard.
Yes! Hyphens and “+” are also legal, and while most will accept a dash, many don’t allow ‘+’. But it’s explicitly allowed in the spec!
And you’d think a simple solution is just leave out the hyphen when you put you name in, but that can also lead to problems when the system is looking for a 100% perfect match.
And good luck if they need to scan the barcode on your ID.
Then the first part is interpreted (in the US, anyway) as a middle name, not as part of the last name. I did run into a recently married woman who did that: dropped her middle name, moved her last to the middle, and used her spouse’s last name.
More commonly, places that don’t take hyphens tend to just run the two names together: Axel-Smith becomes AxelSmith.
Programmers can be really dumb.
As someone who’s mexican I encounter that more than one would think since I have 2 last names and it gets weird sometimes since I also have a middle name.
God, the French. My friend has two first names, two middle, and thankfully only one surname.
This kind of makes me want to name my kid Pascal-Case
There are also fringe externalities from this too. I have my mom’s last name for my middle name and my dad’s for my last name. But back in the 90s, my state would erroneously handle that scenario as having no middle name and both names hyphenated for a last name. I didn’t find this out until I turned 18 and tried to get a retail job and they wouldn’t hire me until it got fixed.
First I had to go to the Dept of Health and get a new birth certificate, then I had to do the same at the social security administration for a new social security card. Hours and hours over multiple days just so I could earn minimum wage folding and selling used clothing. Ironically, the name mixup never was a problem when I did taxes previously.
I have come across a shockingly large amount of people who not only have a hyphenated last name but also have a hypenated first name! Dealing with every new computer system is like a new adventure
You’d think by now Jean-Luc Picard would be a well known example and systems are able to deal with it.
C programmers would ask whether a null-terminated name would be acceptable
asking questions like this is how i found out that one of the allowed characters in names in my country is ÿ, which is fine in Latin-1 but in 7-bit ASCII is
DEL
.This sounds like it would create a whole list of fun and irritating edge conditions for some poor bugger to debug. Love it.
If someone else has to debug the problems caused by a parent naming their child with a special character, does that make the parent the bugger? 🤔
I can tell you that buggering is not how you become a parent.
that’s amazing! Aren’t codecs fun
Apparently no-one did it yet, so I’ll name my child +++ATH0
No, cause “John\nDoe” messes up my regex. Sorry, out of the question. I’m not good with regex.
no one is “good” with regex.
Then who’s coming up with all the bits that I copy/paste off the internet? The regex dragon?
There was only one, we’re all still copying from him or her.
they likely aren’t good regex’s ;P … anything with more than, say, 6 operators is probably missing an edge case or will be outdated in a year (and then it’s impossible to determine its original intention)
From what I’ve seen, it’s Cthulhu.
Little Bobby Tables
That’s easy, just call it Jhon\nDoe
John\0Doe will fuck with all C (and C based derivatives) software that touches it.
With an address in 's-Hertogenbosch to help people who are lazy about escaping.
Nah, it will end up simply as “John” in the database. You need “John%sDoe” to crash C software with unsafe printf() calls, and even then it’s better to use several “%s”
C and C derivatives will be fine unless they’re fucking up encoding.
Which rarely, if ever, happens. Especially with US software.
“ethics aside” truly a starter for a qa
Anyone remember when Chrome had that issue with validating nested URL-encoded characters? Anyone for John%%80%80 Doe?