Duncan's blog

June 8, 2009

How not to do input validation

Filed under: Web — duncan @ 12:01 am

Here’s a screenshot from a form I was filling in on the TV Licensing website. I’d just entered the date as 9/6/2009 instead of 09/06/2009. Obviously it’s too tricky for them to work out how to pad 1-digit numbers with a leading zero.

[Screenshot: TV Licensing - Update your contact details]

This falls into the same category as sites that insist you enter your username in either lower or upper case. Or that you enter your credit card without spaces or hyphens. Or that you format your phone number in a particular way.

It’s all putting extra work on the user for something that could be done automatically server-side with just a few lines of code at most. Not good practice!
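As an added example (not code from the original post or from the site it describes), here is a server-side sketch of that idea: each field is first brought into one canonical form and only then validated strictly, so the check still rejects bad data without rejecting harmless formatting. The function names, the username policy and the length bounds are assumptions chosen for illustration.

```python
import re
from datetime import date

def normalize_date(raw: str) -> str:
    """Accept d/m/yyyy with or without leading zeros; return dd/mm/yyyy."""
    m = re.fullmatch(r"\s*([0-9]{1,2})/([0-9]{1,2})/([0-9]{4})\s*", raw)
    if not m:
        raise ValueError("expected day/month/year")
    day, month, year = (int(g) for g in m.groups())
    date(year, month, day)  # raises ValueError for 31/02, month 13, ...
    return f"{day:02d}/{month:02d}/{year:04d}"

def normalize_username(raw: str) -> str:
    """Fold case on the server instead of asking the user to do it."""
    name = raw.strip().lower()
    if not re.fullmatch(r"[a-z0-9_.-]{3,32}", name):  # assumed site policy
        raise ValueError("invalid username")
    return name

def normalize_card(raw: str) -> str:
    """Drop spaces and hyphens, then require digits and a valid Luhn checksum."""
    digits = re.sub(r"[ -]", "", raw.strip())
    if not re.fullmatch(r"[0-9]{12,19}", digits):  # assumed length bounds
        raise ValueError("invalid card number")
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    if total % 10:
        raise ValueError("card checksum failed")
    return digits

def normalize_phone(raw: str) -> str:
    """Strip common separators; keep an optional leading + and the digits."""
    compact = re.sub(r"[ ().-]", "", raw.strip())
    if not re.fullmatch(r"\+?[0-9]{7,15}", compact):  # assumed length bounds
        raise ValueError("invalid phone number")
    return compact

if __name__ == "__main__":
    # Constructed sample inputs, formatted the way users actually type them.
    print(normalize_date("9/6/2009"))             # 09/06/2009
    print(normalize_card("4111 1111-1111 1111"))  # 4111111111111111
```

Store and compare only the canonical value these functions return; anything that still fails after normalization is genuinely invalid and is rejected.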

1 Comment »

  1. Well, according to the URLs the site actually runs on JSPs. I’d like to hope they used some JEE framework like Spring MVC or Struts, but I doubt they do. Also they generate new HTTP sessions even for anonymous users (getting a JSESSIONID) that just did a GET request transmitting not even a single byte of data. I guess some newbie wrote the site 😉

    Comment by spidey — June 24, 2009 @ 7:27 am

