Input data, validation and data consistency matters. C# Corner proves it

Today I decided to create an account on C# Corner. I opened the site, navigated to the sing up page and filled the form. I did everything as I did successfully thousand times before, but was unable to go through the client side validation when tried to submit the registration form. Client side validation popups a dialog with error info: Mandatory fields – Last name must have alphabets only.

I thought I filled my last name incorrectly using English keyboard instead of Czech. My last name have a diacritics, so when I type my surname on the English keyboard it writes numbers. I closed the error dialog and saw I written the last name correctly as you can see on the picture above.

WTF! I am not wrong! Take a look at the image once again and you’ll find the Last name field is not marked as mandatory field, but the error dialog told me it is. Okey, I don’t care about that, but I care about my surname. I just want to use it with diacritics, not without.

Investigating validation

I started to investigate the javascript that validates the registration form. First and last name fields validation uses (([a-zA-Z])(\\s)*)* regular expression to check if the value is correct.

I don’t have strong knowledge of regular expressions, but I think it repeatedly tests characters once or repeatedly when there is a space. So, users can use surname of one or more words. But why I can’t use diacritics I still can’t imagine, so I dig deep into it. Regular expression used to test first and last name simply don’t count with diacritics and will always popup with an error if contains any.

I just tried to turn off Javascript and submit the form again. Guess what happened. Yes, the form was submitted and account created.

I was wondering if there is some server side validation to check correct form values and there is not. I tried to submit numbers and special characters with Javascript turned off and  I was able to submit it too.

I didn’t try to log in, but it doesn’t matter. I was wondering if I can pass the validation and create an account successfully only. And I can and that’s not good for application. It is difficult to estimate if submitted data can cause some problems, but it is possible when application logic counts with exact data. It is not my problem, but it is nice way how to realize you have to be patient when implementing input validation in your application.

Automatic data correction

Last year I’ve done Microsoft Certification exams and became MCPD. I wanted to print certifications, but all of them used my uppercased name without diacritics and I was unable to change it any way. I sent a request to the Microsoft Support, if it possible to change my last name. It looks weird when I send somewhere my certifications and there is not exactly my name. I can live without diacritics, but it is lot better when my name appears correctly on such a document. After few days Microsoft Support sent me an email with information my name should display correctly now. I was very pleased, because it is really hard to get from Microsoft what you want/need sometimes. I checked out the certifications and everything was correct. After some time I need to download these certifications and I was very suprised my last name was without diacritics again. I really can’t imagine why, but I think it was changed when I was editing my LiveID profile. Maybe(I’m just guessing), it doesn’t give me validation error, but directly converts input values to text without diacritics.

Conclusion

There is solved question how to validate Non-English character on Stackoverflow that will help you implement correct client side validation for languages which uses characters with diacritic.

Second problem on  C# Corner is there is not server side validation. This is big mistake. Every single user input needs to be validated on the server. For better user experience you can implement client side validation. You can take a look at question on Stackoverflow in which users ask if it is better to use client side or server side validation.

When you have implemented logic which changes input data or converts it, notify the user you will make the change. User can’t imagine you are doing such a think.

C# Corner please

Don’t send me password via email when I change the original system generated after the registration. Thanks!

Posted on 26.9.2012, in Development Criminal Investigative Service and tagged , , . Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: