When Your Last Name Is Null, Nothing Works
No, when people DON'T PROPERLY SANITIZE THEIR USER INPUT, nothing works!!!
Looks like little Bobby Tables has some extended family.
this post was submitted on 21 Feb 2025
92 points (96.9% liked)
Programming
18422 readers
599 users here now
Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!
Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.
Hope you enjoy the instance!
Rules
Rules
- Follow the programming.dev instance rules
- Keep content related to programming in some way
- If you're posting long videos try to add in some form of tldr for those who don't want to watch videos
Wormhole
Follow the wormhole through a path of communities [email protected]
founded 2 years ago
MODERATORS
Who the hell writes if 'null'? If it's a thing, what language would interpret a string like that?
It's fine in PHP, so that catches most server backends.
Ruby as well, it even raises a warning about the string where a bool should be!
Python handles it just fine, as well.
Rust doesn't allow it, depending on the backend framework and server software this might give issues.
So depending on how this is handled a C# or Rust backend might cause the name not to be stored, but then I'd expect nothing to be stored... :/
Fucking JavaScript
No it doesn't?
> Boolean(null)
false
> Boolean('null')
true
> null == 'null'
false
Srsly?
Javascript is fun. The video takes a few jabs at ruby and then gives a glimpse into the insanity that is Javascript.
More of this please
!![] + !![] == 2
I'd bet it's less simple input sanitizing and more 2 mistakes made separately because they don't know any better.
- The input field converting everything to a string indiscriminately
- Because they did 1, converting everything back to the assumed type
If the front end Dev makes the first mistake, null would be sent in the body as "null". Then on the backend, somebody might even be binding the variables correctly, but before hand realizing they have to deal with the market and rather than just have a conversation undoes it in their own code.
Representatives for the internet provider she had used in her old apartment initially told her they couldn’t cancel her account because there was no last name associated with it.
She had been paying the company for months. She has since switched internet providers.
Are people this silly? Just stop paying them. They'll figure out how to cancel the account.
They might report you to a credit agency or keep your deposit
"We're sending you to collections"
Oh so you have my last name?
"...no..."
I've seen XML parsers that will convert element content from strings to native types by default. So "0" becomes an int, "true" becomes a boolean, and "null" becomes an actual null. I had to take extra steps to keep everything as a string unless explicitly told not to.
JSON does not have this problem, BTW.
I don't think anyone actually chooses XML. There's no reason to use it over JSON unless you need to.
XML can validate itself and there's the self-documenting WSDL; so while it has more overhead and an ugly syntax it can make for a more stable and earlier to understand API for your API's consumers.
This point is always stated about XML as if it were the most important part of choosing XML.
But jsonschema exists. It has the same capability.
Ah but... Nobody uses that! Because then you wouldn't choose JSON
json is fine as a serialization format for things that need to be text, but it's not great as something that gets edited by hand.
not that I enjoy xml, but writing long strings in json is even worse. xml I can write multiline strings as a first class entity.
I can add a comment to an xml document, json I have to write something hacky like "//": "my comment" and hope whatever is consuming it doesn't care.
there's just as many problems with json parsers, since most but not all of them treat numbers as js numbers, which are basically floats. you can't rely on an arbitrary consumer having support to parse ints above a certain size so you just have to make everything a string and hope.
json allows duplicate keys, but they get overridden by the last occurrence. you can't round trip json without losing something. you can't rely on just seeing a key value in json text and that being correct since there could be another later. doesn't come up often but it's there.
The entirety of the banking world uses XML very heavily, as it's part of the SWIFT standards.
I didn't say that it's not used. I say that you shouldn't if you have the option.
If the entire X world uses Y technology. You have no choice other than using Y technology.
Really? Right in front of my AJAX?
Wait til they meet my friend Little Bobby Tables.
This topic pops up in random news sites like every 5 years, and usually the conclusion is people with these names have less and less problems, as systems evolve.
Nowadays names which looks like some vulgar words cause more problems, it's called the Scunthorpe problem from the city of Scunthorpe. As this is a shitty article, this actual problem is not even mentioned, classic.
Lol one of the characters in my D&D group is named Farthard (pronounced Far-thard) and his steed is named Shithead (pronounced Sha-theed)
little bobby null
Anyone got a non-paywall link? I’m changing my name soon and this is highly relevant to my interests.
This seems to be old news, and paywalled.
Edit: gee, thanks MSN. The article i'd read was about the license plate.
Morgan Null, in black, with her parents and brother, all Nulls. lol
Not that rare of a name apparently...
Taking the issue at face value, I wonder what Johnny Null's workaround would be for his (or their) name?
N'ull? Nul-l? \Null? Null? JohnnyN ull?
Definitely not N'ull, that would trigger a SQL error when it can't interpret the ull after the string delimiter.
If they're not sanitizing that, they deserve to have their system broken lol
--Null
NuII works
Spoiler
Upper case i