Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Monday January 02 2017, @07:48AM   Printer-friendly
from the Robert');-DROP-TABLE-students; dept.

Jennifer Null's husband had warned her before they got married that taking his name could lead to occasional frustrations in everyday life. She knew the sort of thing to expect – his family joked about it now and again, after all. And sure enough, right after the wedding, problems began.

"We moved almost immediately after we got married so it came up practically as soon as I changed my name, buying plane tickets," she says. When Jennifer Null tries to buy a plane ticket, she gets an error message on most websites. The site will say she has left the surname field blank and ask her to try again.

Instead, she has to call the airline company by phone to book a ticket – but that's not the end of the process.

"I've been asked why I'm calling and when I try to explain the situation, I've been told, 'there's no way that's true'," she says.

But to any programmer, it's painfully easy to see why "Null" could cause problems for software interacting with a database. This is because the word 'null' can be produced by a system to indicate an empty name field. Now and again, system administrators have to try and fix the problem for people who are actually named "Null" – but the issue is rare and sometimes surprisingly difficult to solve.

[...] "Null" isn't the only example of a name that is troublesome for computers to process. There are many others. In a world that relies increasingly on databases to function, the issues for people with problematic names only get more severe.

Some individuals only have a single name, not a forename and surname. Others have surnames that are just one letter. Problems with such names have been reported before. Consider also the experiences of Janice Keihanaikukauakahihulihe'ekahaunaele, a Hawaiian woman who complained that state ID cards should allow citizens to display surnames even as long as hers – which is 36 characters in total. In the end, government computer systems were updated to have greater flexibility in this area.

Source: BBC.

What other names have you run into that have been problematic for computers?


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by el_oscuro on Monday January 02 2017, @06:01PM

    by el_oscuro (1711) on Monday January 02 2017, @06:01PM (#448587)

    In SQL, NULL is actually a valid keyword to represent a null value. So if your app has dynamic SQL with unsanitized input you could certainly get this error. If you put in and get an error, then you can probably dump the entire database.

    --
    SoylentNews is Bacon! [nueskes.com]
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by maxwell demon on Monday January 02 2017, @06:03PM

    by maxwell demon (1608) on Monday January 02 2017, @06:03PM (#448589) Journal

    But doesn't SQL distinguish between the keyword NULL and the string "NULL"?

    --
    The Tao of math: The numbers you can count are not the real numbers.
    • (Score: 3, Interesting) by edIII on Monday January 02 2017, @07:53PM

      by edIII (791) on Monday January 02 2017, @07:53PM (#448622)

      I think that is what he meant by inputs that aren't sanitized. I use NULL or null all over the place, but anything inside single quotes is treated as a value, and is not null.

      I'm having a hard time figuring out how this could cause a problem within SQL specific to the name itself, and not the construction of the statement. It's usually Irish names with a ' character that gave me problems in the past, but that was before I figured out how to solve it with parameterized queries.

      The example in the article isn't SQL, but XML processing giving the error. So I would surmise the real issue has nothing to do with SQL databases, but with the APIs and frameworks that are using it.

      Unrelated to names, I had a problem with XML processing in the past and got around it with a more or less ugly hack. You base64 encode everything which makes it SQL/XML safe. At display/processing time I was decoding that data. I think that had more to do with how Google was dealing with XML, since that same XML was treated as valid in other systems.

      Making strings process safe is rather hard when we use symbols to delineate, that are *also* being used in valid names and inputs. That is something that has boggled my fucking mind from day one. We should have special bookmark symbols just for that, that have no place inside common speech. The single quote is very much used in common speech and names, and is by far the stupidest fucking delimiter of all time, along with the comma. The piping symbol would seem to be perfect, looks like bookends, but noooo....

      That being said though, with emojis and ASCII art type stuff, we would need to heavily restrict those bookmark symbols lest we deal with the same bullshit we deal with now.

      Of course, in the future everyone wants something unique. Last time I had a real issue with inputs somebody legally had an underscore in their name. Not hyphen, but underscore.

      --
      Technically, lunchtime is at any moment. It's just a wave function.
    • (Score: 0) by Anonymous Coward on Monday January 02 2017, @08:03PM

      by Anonymous Coward on Monday January 02 2017, @08:03PM (#448624)

      Ideally, yes. Not if you're using Oracle, however. Remember, kids, '' != ''! Because Oracle fucking fails!

      (Note: '' IS NULL, and as we remember, NULL cannot equal anything. Things can be IS NULL, but never equal to NULL. So, '' != ''.)

      Also if you're using the edit view in SQL Enterprise Manager (MSSQL), you can type "NULL" in a varchar column to wind up with a NULL value. Not '', NULL. At least in MSSQL '' = ''. (But NULL != NULL. NULL IS NULL, never =).

      Oh, and fuck them for not using parameterized queries. Why the fuck wouldn't somebody use parameterized queries? It makes everything so fucking easy.

  • (Score: 2) by fritsd on Monday January 02 2017, @07:12PM

    by fritsd (4586) on Monday January 02 2017, @07:12PM (#448613) Journal

    If you put in (...) you can probably dump the entire database.

    I saw what you did there, tovarisj :-)