MichaelRunyon.com – All Things Geek

Now, I hate to go off in a uncontrolled rant about certain aspects of my job without first prefacing my comments with a bit of clarity. I love my job, and especially love my ability to sometimes take a step back and look at the big future. Our clients don’t comprise a massive data set, but we are constantly exposed to new and different circumstances, and though they can sometimes present themselves in an annoying or inconsistent manner, problem solving has always been a great joy of mine, and therefore I do find pleasure in this avenue. Now, on to my subject….

Anyone who has much background in coding user interfaces (this includes web programming, ESPECIALLY web programming) has come to the complete and total understanding that a great deal of their job in creating user interfaces in maintaining the inability of the user to make choices or perform actions that we don’t wish for them to do (or don’t want them to do at that time). In making an interface and it’s controlling component, I spent nearly 80% of my time in restricting and validating user input to ensure that only valid data makes it to the control mechanism, and onward in the guts of the program. Whether it’s ensuring that a user has put in an email address that exists in a valid domain or making certain that a credit card number follows a skeleton guideline of the major credit cards, there are many, many gaps to be plugged to ensure that the user has a smooth and error-free experience. 

Sometimes, however, a smaller project might need to get completed quickly, and cost might prohibit us from completely fleshing out the validation that is typically performed on a certain control. This is not abnormal and certainly not the end of the world. Special circumstances can be accepted for certain circumstances, especially if there is little chance that your good name as the developer can’t be tarnished from the performance of the control, or that very few people will be visiting the application in question. This, however, is a completely stupid assumption, in both cases. Whatever application you end up programming in a half-complete way will eventually find itself in high usage or high visibility, and without proper preparation, you face the end result of both of your assumptions. 

A simple app that was created a few years back for a local company selling gift cards is my case in point. A relatively simple form controls the app. You put in your billing address, the shipping address that the card will be sent to, the name on the card, and a customized message. After these details are complete, you put in your credit card information and then submit it to the server. In the interest of being agile at the outset (a decision that was I not around to make at the time) this form was unprotected in the sense of user validation. There was no client or server side validation to ensure that certain values were present (like a name/address on the card, a credit card number, an expiration year, etc). At first, with relatively little user input, this was not really a problem. If the user encountered a problem, they would see a nasty ColdFusion error and would retreat to the page previous to check their input. Great, in a very savage and basic sense. Teach the user to teach themselves and correct their mistake. 

We, however, live in an age of greater expecatations these days. So after sitting in this unprotected state for a long time and being un-examined by the application, it was time to give this little app some love. When the form was setup, I was designated as a “watcher”, meaning that I got a copy of every single output of the form. Every time someone submitted the form without an error, I got a copy. What became amazing to me over time was how many times someone could screw up the form before they got it right and got their confirmation message. A user would fill out the form with just their name and the name of the person they wanted to send a gift card to and then hit submit. And the system would let them. And then, in a minute, when a message confirming their input did not come through, they would go back and do the same over and over again. Eventually they would put in an address. A few more submits and then a credit card number. And then a gift card amount. Sometimes, I would get 13 submits from the same person before acceptable input was gathered. Often times, the sales reps at the company would just call the person or try to email them, to avoid further input on their part. 

The worst examples of this, however, were the weekly or monthly persons that would click the empty form 20 times in a short time. They would follow the website link that said “Send a Gift Card” and then just click “Send Card” at the bottom of the form over and over again, completely ignoring the 20 or so user fields to put information in. When validation was eventually put into the form, a control mechanism that prevented this was set to log this behavior just out of curiosity and it in no way stopped. Let me be clear about this….hundreds of people were going to a website that presented them with a form to put in some basic information about how to send a gift card, and then just clicked away, willing the computer to try and understand that they wished a gift card to be sent to their aunt/uncle/father/son/daughter, address, name, amount and wishes unknown. 

I break down when trying to resolve these circumstances. It’s like playing whack-a-mole on a global scale. I finally get the form so that users MUST provide input for essential fields and think that will be the end of it. But then someone puts in “Visa” where it says “Credit Card Number”. Then, you have to go back and limit the input to numbers only. Then you have to go back and limit the input to known credit card formats. Then you have to autofill the city and state from the zipcode, since users will so often put the wrong city and state on their form. And on, and on, and on. 

So, to wrap this up shortly….when you browse the Internet and fill out forms to send money to someone, or order something from a website, or to see certain data from a source….remember that many hours were put into that application to ensure that you and all of the other stupid people out there can’t blindly click around in hopes of their thoughts being transmitted to the server. And hopefully you will appreciate the effort the next time. 

There. Take the soapbox away.