Tuesday, June 19, 2012

A message to my fellow developers: I want my apostrophe back

On the web my last name is a blessing and a curse. The name itself isn't the problem; it's just how it's mutilated in the name of security.

More often than not, when entering my last name into a web form, I receive a message that it's not valid because of the apostrophe.

It is a valid name; it's mine. It's O'Sullivan, not OSullivan, and I'm rather attached to it.

This isn't just limited to apostrophes, but certain other characters too. For example, a friend of mine has a space in his last name and experiences similar problems.

Yes, I know that we should sanitize input to help prevent things like SQL injection attacks and cross-site scripting, but the former can be handled by not generating SQL with data baked right in. We can use placeholders or a full-blown ORM to help prevent attacks. The latter can be handled by encoding data correctly.
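The two defences named above, as an added example that is not part of the original post: names are stored through SQL placeholders and HTML-encoded only when rendered, so the apostrophe survives intact. The `users` table, the function names and the sample names are assumptions constructed for illustration.

```python
import html
import sqlite3

# Constructed sample names: apostrophe, space, non-ASCII, and hostile-looking input.
SAMPLE_NAMES = [
    "O'Sullivan",
    "van der Berg",
    "Nuñez-D'Arcy",
    "x'); DROP TABLE users;--",
    "<script>alert(1)</script>",
]

def open_db():
    """Create an in-memory database with a hypothetical users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, last_name TEXT NOT NULL)")
    return conn

def save_name(conn, last_name):
    """Insert via a placeholder: the driver passes the value as data, never as SQL text."""
    cur = conn.execute("INSERT INTO users (last_name) VALUES (?)", (last_name,))
    return cur.lastrowid

def find_by_name(conn, last_name):
    """Look up by exact name, again with a placeholder."""
    rows = conn.execute("SELECT last_name FROM users WHERE last_name = ?", (last_name,))
    return [r[0] for r in rows]

def render_greeting(last_name):
    """Encode at output time for an HTML context; the stored value stays untouched."""
    return "<p>Hello, {}</p>".format(html.escape(last_name, quote=True))

def round_trip(names=SAMPLE_NAMES):
    """Store every name, read it back, and return ((stored, rendered) pairs, row count)."""
    conn = open_db()
    results = []
    for name in names:
        save_name(conn, name)
        stored = find_by_name(conn, name)[0]
        results.append((stored, render_greeting(stored)))
    count = conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]
    conn.close()
    return results, count

if __name__ == "__main__":
    for stored, rendered in round_trip()[0]:
        print(repr(stored), "->", rendered)
```

No name is rejected or altered on the way in; the encoding shown is for an HTML body context only, and other output contexts need their own encoder.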

You may think, "What's the big deal?" But can you guarantee that you have all combinations of possible characters for last name validation? A simple a to z match isn't going to cut it.

One of the blessings about having an apostrophe in my name is that I learnt how to deal with them safely very early in my career.

Things have improved over the years though. My name used to break many an app, these days very few. If I do find one, this tells me that I shouldn't use their service.

My biggest problem with all this is usability. Earlier I mentioned telling the user that their name is invalid, but the bigger problem is with credit card processing.

Pretty much every site I've visited that asks for credit card info asks for your name as it's written on the card. If you can't enter it exactly then it puts doubt in the mind of the user as to whether or not their transaction will succeed. There must be a reason why it has to be exact, right?

So please, can I have my apostrophe back?

Who's with me?
