What only relying on JavaScript for HTML form input validation looks like

The GET /users endpoint will return a page of the first 13 users by default.

To request other pages, add |-separated querystring with the limit and offset, as roman numerals enclosed in double quotation marks. Response status is always equal to 200, plus the total count of the resource, or zero when there's an error.

You can include an array of friends of the user in the result by setting the request header "friends" to the base64-encoded value of the single white pixel png.

Other metadata is not included by default in responses, but can be requested by appending ?meta.json to any endpoint, which will return an xml response.

If you want to update the user's profile picture, you can request an OAuth token per fax machine, followed by a pigeon POST capsule containing a filename and a rolled up Polaroid picture. The status code attached to the return postal dove will be the decimal ASCII code for a happy smiley on success, and a sad smiley if any field fails form validation.

-- Every single external REST API I've ever worked with.

Me: "I'm a programmer"

Others: talks about linux
Others: search algorithms!
Others: service infrastructure
Others: memory optimization
Others: encryption

Me: "I'm a front end web developer"

Others: complex services
Others: strong user form validation
Others: lazy loading
Others: SEO

Me: "fucking, I make shit look pretty alright"

Client-Side Form Validation only be like...

Never loose your hope ..
.
.
because once upon a time javascript was used just for form validation and jquery animation.

A client asked me to add a mobile phone field to a registration form and asked me explicitly to use their server side validation for it.
Apparently they need a valid provider prefix, but after that everything goes. This was passed as valid mobile phone number.

When you have a poor form validation....

Friend asked me to help with his HTML5 form validation. His back-end work was decent, but whoever did the front-end... Oh boy.

They used media queries for mobile etc, which was fine. Until I saw what the queries did. Instead of resizing the form accordingly, they hide the visible one and make another one visible.

WHY WOULD YOU DO THIS

The nightmare continues.

Currently dealing with a code review from a “principal” dev (one step above senior), who is unironically called a “legendary dev” by some coworkers. It’s painfully obvious he didn’t read the code, and just started complaining and nitpicking.

It’s full of requests to do things that make absolutely no sense, and would make the code an unmaintainable mess.
• Ex: moving the logic and data collection from the module’s many callers into the module instead of just passing in the data.
• Ex: hiding api endpoint declarations by placing them in the module itself, and using magic instance variables to pass data to it. Basically: using global functions and variables instead of explicit declarations and calls.
• Ex: moving the logic to determine which api endpoint to use, for all callers, into the view.

More comments about methods being “too complex” (barely holds water) right next to comments saying “why are these separate? merge them together!”

Incredulously asking how many times I’m checking permissions and how ridiculous it all is. (The answer? Twice.)

Conflating my “permissions” param and method names with a supposedly forthcoming permissions system overhaul, and saying I shouldn’t use permissions because my code will all have to get rewritten. Even if that were true, and it’s likely not, the ticket still needs to use the current permissions. I can’t just ignore them because they might be rewritten someday.

Requests to revert some code cleanup because the reviewer thought the previous heavily-nested and uncommented versions (with code duplication) were easier to read. Unsurprisingly, he wrote them.

On the same ticket, my boss wants me to remove all styling and clientside validation, debouncing, and error messages from a form. Says “success” and “connection failed” messages are good enough. The form in question sends SMS and email using arbitrary user input for addresses. He also says it shouldn’t be denounced on the server, and doesn’t want me to bother checking permissions. Hello, spam!

Related: the legendary dev reviewer says he can’t think of a reason why we would want to disable the feature for consumers, so I should remove the consumer feature flag.

You can’t make this stuff up.

I finally got Redux-Form’s `initialValues` to work! Wooooo~!

/giphy confetti cheering

It turns out I haven’t actually been doing anything wrong for the past week. I mean, I've been working on other things during that week, too, but I've been trying to solve this the entire time.

The cause? ReduxForm made a breaking change awhile ago (v5; we’re using v7) that prevents the `initialValues` prop from working if you decorate your form component in the wrong order. Many examples online are incorrect because of this.

Basically, the decorators `reduxForm` and `connect` do not commute:

Incorrect:
`reduxForm(...)( connect(..., {...})(form) )`

vs Correct:
`connect(..., {...})( reduxForm(...)(form) )`

But what really pisses me off is that the fucking documentation specifically fucking states that you may decorate your component IN ANY [FUCKING] ORDER.

/giphy that is [fucking] false

So, I've been following example after [fucking] example that either list these in the wrong order, or I just don't notice the different order because it doesn't matter. AND because of that NONE OF THE [...] EXAMPLES WORK.

ARGH.

I've been pacing around the office trying to figure this out for days. I've rewritten my code three times to try to solve this. I've written two workarounds for it only to rip them out and try again because they both broke some other part of the UX. (e.g. causing false validation errors after rerender)

just. hafhsldkjhgjkhagklwhsdjfkahslf. 😡

/giphy angry hades

You know how I discovered this?
I found it in a github ticket. One solitary, untagged ticket from October of last year. Not a single goddamn post anywhere else mentioned this. And the [...] documentation specifically [...] states the [...] opposite!

Bloody [...] hell.

but it finally works.
as;kgjhaekl;gahgjkdflssdafh.

I could scream.

Junior coder says validation is not needed on asp.net mvc form pages because it is not in the requirements or part of the definition of done. Wants to argue about it. Refuses to do it. Says I am over optimizing or some shit like that. Good luck with that. If you can't figure that one out or listen to feedback perhaps you should become a project manager not a programmer.

Just got a lection from my manager.
Today he sent me an email with request to change validation on one field validation from decimal(5,3) to int which will be 5 digit number. Ok i did that, I changed it on UI, changed validation, changed mappings, changed dtos, created migration files, and changed it in databse. After i did all of that I replied to his email and said that ive changed validation and adjusted it in database.

After my email here comes rage mail from manager with every fuckin important person in cc I kid you not. Manager is asking why the fuck did I change database when Ive could only use different validaton for that field on UI.

I Almost flipped fuckin table. What does validation good do if you wouldnt be able ti save that form? And form has like 150 fields. And if I left validation only everthing would fuckin break.

Sometimes i think that its better not to think.

FML

Did you know that talking about your goals actually decreases your chances of reaching them? It's a form of social validation. Talking about them and receiving praise from your peers in a sort of mini-goal which could replace the actual goal so you are less motivated to actually go for the real goal. Best of luck anyway! May the odds be ever in your favor when facing procrastination😂

I might be fucked up, but I have a tendency to gravitate towards the shit that everyone else dislikes for the sake of knowing if their bias against is actually because shit is truly fucked up or if shit is legit plain WRONG.

From all technologies that I have worked with professionally I can count:

Java(currently in the form of old JSP services for an "enterprise level application")

Java for Android development - i was the lead engineer for a mobile project

Swift with IOS dev, same gig as the above.

C++ for Android development in the form of OpenCV with Java as well.

Javascript in all possible forms, basic input validation, ajax services, jquery datatables, jquery animations and builders.

Css/sass heavily

Clojure for an ldap active directory application

Python for glue scripts

Classic ASP with JScript and VBScript

VB Net forms

C# For ASP.NET MVC

Bootstrap for multiple intranet frontends

Node+Express for a logistics warehouse management tool

Ruby on Rails freelancing small gigs

Php in all ways possible from complete standalone php apps to Laravel and just php+composer apps aaaaall the way to wordpress

Django consulting

I have found that the one that I dislike the most is wordpress. And the one that I like working with the most is Node. Don't know why, i just do really fucking like messing around with Javascript, the language has changed a fuckload throughout the years and continues to increase and change. It was my first scripting language following a stint in me trying to learn cpp way when i was starting and royally FAILING

Never really got the hate for it, even when I used JScript with classic ASP i just enjoy working with Javascript a lil too much. And from all the above mentioned stacks safe from Php is the one, or one of the ones in which i don't royally suck :V

One of my classmates was working on a login form, and the fucker handtyped a 100+ character email validation regex but forgot to add a check to make sure no fields were blank.

It was funny when I was able to create an account with no username, breaking his website, and even funnier when I told him html forms have a built-in email pattern

At work, my closest relation is with the DBA. Dude is a genius when it comes to proper database management as well as having a very high level of understanding concerning server administration, how he got that good at that I have no clue, he just says that he likes to fuck around with servers, Linux in particular although he also knows a lot about Windows servers.

Thing is, the dude used to work as a dev way back when VB pre VB.NET was all the rage and has been generating different small tools for his team of analysts(I used to be a part of his team) to use with only him maintaining them. He mentioned how he did not like how Microsoft just said fk u to VB6 developers, but that he was happy as long as he could use VB. He relearned how to do most of the GUI stuff he was used to do with VB6 into VB.NEt and all was good with the world. I have seen his code, proper OOP practices and architectural decisions, etc etc. Nothing to complain about his code, seems easy enough to extend, properly documented as well.

Then he got with me in order to figure out how to breach the gap between building GUI applications into web form, so that we could just host those apps in one of our servers and his users go from there, boy was he not prepared to see the amount of fuckery that we do in the web development world. Last time my dude touched web development there was still Classic ASP with JScript and VBScript(we actually had the same employer at one point in the past in which I had to deal with said technology, not bad, but definitely not something I recommend for the current state of web development) and decided that the closest thing to what he was used was either PHP(which he did not enjoy, no problem with that really, he just didn't click with the language) and WebForms using VB.NET, which he also did not like on account of them basically being on support mode since Microsoft is really pushing for people to adopt dotnet core.

After came ASP.NET with MVC, now, he did like it, but still had that lil bug in his head that told him that sticking to core was probably a better idea since he was just starting, why not start with the newest and greatest? Then in hit(both of us actually) that to this day Microsoft still not has command line templates for building web applications in .net core using VB.NET. I thought it was weird, so I decided to look into. Turns out, that without using Razor, you can actually build Web APIs with VB.NET just fine if you just convert a C# template into VB.NET, the process was...err....tricky, and not something we would want to do for other projects, with that in we decided to look into Microsoft's reasons to not have VB.NET. We discovered how Microsoft is not keeping the same language features between both languages, having crown C# as the language of choice for everything Microsoft, to this point, it seems that Microsoft was much more focused in developing features for the excellent F# way more than it ever had for VB.NET at this point and that it was not a major strategy for them to adapt most of the .net core functionality inside of VB, we found articles when the very same Microsoft team stated of how they will be slowly adding the required support for VB and that on version 5 we would definitely have proper support for VB.NET ALTHOUGH they will not be adding any new development into the language.

Past experience with Microsoft seems to point at them getting more and more ready to completely drop the language, it does not matter how many people use it, they would still kill it :P I personally would rather keep it, or open source the language's features so that people can keep adding support to it(if they can of course) because of its historical significance rather than them just completely dropping the language. I prefer using C#, and most of my .net core applications use C#, its very similar to Java on a lot of things(although very much different in others) and I am fine with it being the main language. I just think that it sucks to leave such a large developer pool in the shadows with their preferred tool of choice and force them to use something else just like that.

My boy is currently looking at how I developed a sample api with validation, user management, mediatR and a custom project structure as well as a client side application using React and typescript swappable with another one built using Angular(i wanted to test the differences to see which one I prefer, React with Typescript is beautiful, would not want to use it without it) and he is hating every minute of it on account of how complex frontend development has become :V

Just wanted to vent a little about a non bothersome situation.

Am I going crazy or is the web dev community on some otherworldly drug?
Now "server-side"-whatever is the coolest thing ever?
To the point where client side validation is not recommended anymore and actively discouraged? Are you kidding me? So, you mean to say after filling a long form with millions of fields, the page will RELOAD when I press submit and after waiting an eternity for your shitty server to respond then and only then will I know what fields are invalid?
GTFO with that bullshit.
How in the world is that good UX/UI?
I've always had this theory that we humans are the dumbest species to ever walk this earth. I mean, serisouly, how is this even a thing?

Imagine if a mobile app had to restart to tell you that your email is invalid in a simple form.

But.. but... but... what if the client has disabled javascript? Then fuck them! Who the fuck cares? What's next? Some dumb user is still using Android 2.1 Eclair and we should make our app support them? Fuck no! Fuck them, they should update.
Newsflash, if Javascript is disabled, then pretty much everything will be broken anyway.

Form validation should be instantenous. This isn't rocket science.
It should happen as the user types so they can see what's valid/invalid in real-time.
This does require effort and consideration, something many devs lack apparently.

This is just ridiculous.

I am stuck with another Postman.

Attrition in my current org is way to high in product teams and we have only one designer shared between ~100 people (10 product lines).

My ex-lead (a genius) and my skip level manager (very smart chap), both keep saying that my manager is a very good manager.

However, in reality, I don't find so.

- Only responds to my questions
- Ignores any other form of communication
- No help on any front
- No support or validation on my tasks (hence, I have to actively keep asking for feedback)
- Regularly cancels 1:1
- Involves other team members in 1:1 and cancels theirs as well
- Says I am doing well but keeps nitpicking in my work
- Hardly reviews anything

My company is amazing, pay is good, perks and opportunities are wonderful, kickass learning but my direct manager isn't making me feel comfortable working here.

Maybe she is too cramped with responsibilities but again, I have never seen her deliver anything and all she does is a postman job of taking inputs from her manager and pass on to me and coordinates until me and her manager decide to jump on a call and figure things out ourselves.

It's just been 3 months and I feel more annoyed than worried about being here.

Yes, a plus, i.e. `+`, is a fucking valid char for an email address.

Your online service is shit, you don't know your craft, and you should feel bad about yourself!

But you thought email is fucking simple, google for email validation regex and took copy pasted the first fucking find from some random blog that validates anything but an actual fucking valid email addresses, didn't you!?

(Funfact, the plus sign allow to create email aliases in some free mailer services. GMail for instance. That's why I l like using emails like my.actual.mail+I_KNOW_WHY_YOU_ARE_SENDING_SPAM@gmail.com as my registration email. Also, brute-force that login email.)

Me: The dev agency didn’t follow best practices. They only implemented front end validation on the form. The form submits to a public endpoint, so bots don’t have to go through our site to submit the form. That’s why our database is still filled with $1 donation transactions. I honestly recommend telling this to the dev agency and request that you not be charged for the extra work needed to do this right.

Manager: They charge $95/hr and they’re billing for 8 hours already.

[Aside: The agency’s task was to implement a $10 minimum on the form, do some text changes, and deploy.]

Me: I would expect work to be done according to accepted best practices. It’s really a half done job.

Manager: But they were very helpful when we had that payment processing emergency. They stayed late to help us. We shouldn’t push this in case we need their help again. Can you do the backend validation? [We are in US and agency is in Lithuania.]

Me: 🤬😩😑🤐[To myself: This wouldn’t have happened if the fundraising team hadn’t panicked and would only wait until I came back from my one day of PTO.]

It annoys me when restaurants provide an online form for reservations, put in their disclaimer that "no reservation = no table", but when you make the reservation things go wrong.
For starters: their infrastructure not working on weekends (while they are open on weekends), them doing manual instead of automatic validation of a reservation, them not even knowing how to manage their own reservation system (which gives me the idea that they purchased some random reservation software).

I ended end having to call them about my reservation, they had a confused voice at the phone while they were navigating their own reservation software and ended up saying "Yeah ok table is booked, bye". I understand they're stressed out but come on, I don't think this is a modern nor graceful process. If you're boasting about having a reservation form, then at least live up to it. It reminds me of another restaurant where I had made a reservation online and when I got there, they told me "Next time book by phone please, we're not used to our software". For *********** sake.

Bah.

I was just going to sign up for a new ISP when they asked for my email. But they managed to screw up the email form validation by only allowing domains with the tld comprising of two or three characters! My email address ends with “.blog” so had to use my university email 😠
Please follow the RFC

If you’re a Russian ux engineer who is present in a Russian ux community and you fucking make your form validate on change event and that leads to the situation when a user starts entering their email and your bouba form immediately throws WRONG EMAIL errors, we don’t call you a bouba.

We call you a ебанок (ebanok) — a small, stupid and miserable creature that you can only feel hatred mixed with disgust towards.

This shit is acceptable if you’re an intern making their first shy steps creating their own personal project, but if you push this to production, you’re a ebanok. If you don’t know how to do ux, just use server-side validation or display errors with alerts on submit.

You fucking ebanok.

WTF?!? so apparently I guy I know, knows the guy who built dodeley.com (don't get me started on the name!)

Oh boy... Where should I begin? So besides the fact that I'm pretty sure these newsletters will be classified as spam (aites like mailchimp and so on actually pay large mail providers not to classify them as spam, I doubt they do...), their so called "widget" is just a form, sent to their domain using GET, FUCKING GET, NOT POST, GET!!! The request looks something like "dodeley.com/?action=subscribe&id=xxx&field1=xxx&..." I mean like, WTF? Oh and their solution to not leave the page is simply to add a target="_blank" to the form, that you have to include on your site.

Did I mention, that the form id is static? Did I mention, that there's no validation on what you enter?

Who the fuck programmed this shit? Honestly!

Create a html page on paper, a simple form.

That part was easy.

The hard part was to create the ajax submit function with the validation, jquery is ok.

Failed the test because no way i can remember those shit.

That was 6 years ago

I'll try to pay back some smaller credit by one large credit...

Hence I need to contact the banks and get one (!) fucking frigging stupid piece of paper which lists the account number and the amount of money I need to pay back.

Sounds simple ...

Well.

One bank just answered my email request by sending me that piece of paper. Except they didn't have any validation of my identity.

Yes. They answered the request of 'I want to pay back the credit in full, can u send me the necessary documents?' (more formal of course) with confidential data without any more credibility than my email address.

YAY.

Another bank requests a telephone call for identity validation and sending back a signed form via postal service...

Another bank just needs a PDF sent via mail with an electric signature (yeah. They were aware of what that means - I was shocked and confused) or a "qualified signature matching previous documents" (translated from German).

The last one offers a WhatsApp number - send a GIF / JPG or video and we answer directly.

I need to reach a higher state than drunk.

It's not funny to know how confidential data gets mistreated by companies who should have the highest security.

Working for a large client converting paper forms to the web. Stated goals, simplify data entry for clients, improve data quality, reduce resourcing in backend human processing.

We met to review prototype and discuss workflow questions. Crazy deadlines, with the usual changing scope creep.

We start to point out the need for data validation, to shorten # of questions based on answers.

Business says no. All forms should be submittable regardless of what user enters, don’t put validations in because all that warning messaging confuses them and takes up more time.

Web form should behave like the paper copy....

Welcome to 1975!!! This is why 2018 won’t be like 2018...

Using Oracle ADF along with ADF Faces to build a simple learning management system. No JavaScript, no external stylesheets, all inline styles, no client side validation, doing form submit for every field's onblur event triggering a server-side validation, creating a VO for every damn page requiring data, creating an EO for every DB table or view, adding big-ass custom queries for most EOs to join on multiple tables, frequent N+1 queries, etc.,

Idont remember the rest of the problems

Work wants me to scroll to invalid fields after validation on a form. Is there actually a use case for that? Because it sounds terrible.

There have been a few :)

If say it's a videos utter project I initially though was good. Apart from loading a view the controllers didn't do anything - my initial thought was some magic was happening behind the scenes.

However, when I opened up the view things changed.

ALL the business logic happened in the view. Everything. Form processing, consuming an app, file uploads, validation, crud ... You name it, it happened in view. The developer created a raw MySQL connection and build his queries by concatenation g strings, the whole system was wide open to sql injection.

Even more annoying was the "source control" he invented. Every file had several copies. I.e. "User(working).php", "user_v3.php" and even "user(working_no_profile_fields_1.php". It wasn't even like there was any consistency in what file was actually used either. A complete mess. The system had around 69 screens too. No idea how the developer got that gig.

I wanted some ideas on how to word an error message better, so I googled "error message best practices".
80% of the results were about form validation and not actual code breaking errors >:(

On the up-side, I now know that I must not say "No, Bad User!"

My employer has an application for product ordering/maintenance. Sounds pretty normal. It's an Excel spreadsheet that uses VBA to do the work, with a ton of SQL functions for row validation and procedures for database functions.

The guy that wrote it was a contractor who left the company well over 5 years ago.

No one on my team knows VBA. Me being the new guy gets tasked with this shitty VBA application's upkeep. Any time one of the braindead users fat fingers a value and the form blows up, I'm responsible for telling them exactly why they are stupid and sometimes I have to fix it for them because of the protections on the spreadsheet.

I've been asking the business to back a project for my team to develop a replacement but there is already so much happening for IT at my workplace, and my team is so under staffed (3 devs? Really?) That we spend most of our time fixing broken old shit.

We get an intern next month. Hopefully things improve soon because this tucking time bomb application sucks for everyone involved.

Let me rant! I don’t usually do this but this is just frustrating and draining. Please tell me if im wrong. We have authentication that needs to be refactored. I was assigned on this issue. Im a junior btw. I also attached an image of my proposals. The issue of the old way of our signup process is that when validation fails they will keep on accepting the TaC (terms and conditions) and on our create method we have the validation and creating the user. Basically if User.create(user_params) create else throw invalid end. (Imma take a photo later and show it you)which needs to be refactored. So I created a proposal 1. On my first proposal I could create a middleware to check if the body is correct or valid if its valid show the TaCs and if they accept thats the moment the user is created. There is also additional delete user because DoE told me that we dont need middlewares we have before and after hooks! (I wanted to puke here clearly he doesn’t understand the request and response cycle and separation of concerns) anyway, so if middleware is not accepted then i have to delete the user if they dont accept the TaCs. Proposal 2. If they dont want me to touch the create method i could just show the TaCs and if they dont accept then redirect if they do then show form and do the sign process.

This whats weird (weird because he has a lot of experience and has master or phd) he proposes to create a method called validate (this method is in the same controller as the create, i think hes thinking about hooks) call it first and if it fails then response with error and dont save user, heres the a weird part again he wants me to manually check on each entity. Like User.find_by_email(bs@g.com) something like that and on my mind wtf. Isnt it the same as User.create(user_params) because this will return false if paras are invalid?? (I might be wrong here)

This is not the first time though He proposes solutions that are complex, inefficient, unmaintainable. And i think he doesnt understand ruby on rails or webdev in particular. This the first time i complained or I never complained because im thinking im just a junior and he hs more experience and has a higher degree. This is mot the case here though. I guess not all person who has a higher degree are right. To all self thought and bachelors im telling you not all people who went to prestige university and has a higher degree are correct and right all the time. Anyway ill continue later and do what he says. Let me know if im wrong please. Thanks

I just used a contact form of a local webshop. I couldnt enter my email address because it contains a +.

I contacted them to tell them about this issue and the response was it is because of security reasons. Since when is following specs a security breach? Unless their system is one leak I don't see how its possible.

Am I wrong or did they either lie or have a leak in their system?

Okay so I'm pissed. My JavaScript form validation doesnt work so I went tried it on the most simple fucking html form and it fucking works and I dont fuckign know what the problem is since I literally copy and pasted the form from the one that doesnt work

Find it funny when the client offers to pay 100Aed for designing a simple sign up form and asks to add 50Aed if validation, email and backend is done..

At old e-commerce job, some orders were coming through with most of the shipping info missing. The only info filled out was the State. When we looked at Heap, we could see the user was filling in those fields. There was both frontend and backend validation for required form data, so the user shouldn’t have been able to checkout without an address.

When I looked at the BE logic, I saw addresses were retrieved from our database by using a method called GetOrCreateDefaultAddress. When the website couldn’t find the address in the db, it created a new one where the only address field that was filled in was the state.

Unfortunately, this default address creation was happening after the submit button had been hit. There was no logic to validate the address this late in the checkout because the earlier form validation in the process should have caught this.

The orders did have email addresses, so customer service did have a way to contact the customer. I have no idea what happened to the user’s address. Was it never saved? Did it get caught up in a cron job to delete old users and addresses from the db??