“No Dashes Or Spaces”
May 11th, 2008The “No Dashes Or Spaces” Hall of Shame is a monument to lazy programming. It exhibits a gallery of credit card form inputs, with instructions to the user to eschew dashes and spaces, either explicitly or implicitly via a 16-character limit.
The first rule of software robustness is this: “Be conservative in what you do; be liberal in what you accept from others.” What that means, among other things, is that you should never expect any particular formatting from your users. In fact, it is good practice to assume that the user is intent on crashing your program, and you should make it harder to do so than adding a few dashes (this applies to telephone numbers too, by the way.)
I wonder if the programmers who wrote these credit card processing schemes remembered to sanitize their database inputs?
For those of you who aren’t programmers, string manipulation — that is, working with letters and numbers — is, or should be, a piece of cake. It takes all of one line, in pretty well any programming language, to remove all non-numeric characters.
In Perl, as given at the hall of shame:
$ccnum =~ s/[-\s]//g;
In PHP:
$ccnum = str_replace(array('-', ' '), "", $ccnum);
In Javascript:
ccnum = ccnum.replace(/[-\s]/g, "");
In Python:
ccnum = ccnum.replace("-","").replace(" ","")
In Ruby:
ccnum = ccnum.gsub("-","").gsub(" ","")
Now, I don’t consider myself a programmer. I can pull off FizzBuzz, and I can write a web application in PHP, but I’m no C guru. I’ve never studied computer science save first year, and I’m sure people with more practice in their respective languages could come up with better ways. In fact, judging by the comments on FizzBuzz, I doubt any programmer who comes across this could help but to try to find a better way. God bless you neurotic saints.
The point is that it doesn’t take long to figure out how to do this simple operation.