Dev Disasters: Just Following Orders

A major validation error in the code resulted in a 60 percent failure rate for an expense form.

If you worked at the same company as Dave R., and had the misfortune of filing expenses online through the financial department's error-prone Web site, chances are you'd know Judy Long.

It's not that Judy had special powers or abilities above those of her coworkers. Actually, she was just the lucky administrative specialist listed as a go-to contact in every error message of the financial department's expense reporting portal, which upon failure instructed the user to contact Judy and mail her form UC-100B.

Amazingly, despite the fact that 60 percent of all expense reports ended in error and had to be manually processed by Judy, everything continued working for years. That is, until an unforeseen problem arose: After 33 years, Judy decided that it was time to retire.

Naming the Replacement
Naturally, a void would be left by Judy's departure. Every error message that listed her name and contact information needed to be changed. Dave was the lucky developer tasked with hunting down Judy's name in the application and substituting it with that of her replacement.

Almost immediately, Dave knew that finding and replacing Judy's name with someone else's would be a no-brainer. But why not take the opportunity to see why so many people couldn't process their receipts, he thought.

As it turned out, the business logic in the expense application was fairly straightforward; really all that it did was generate and e-mail a comma-delimited file based on user input with some validation.

Curious how something so simple could fail so badly, Dave took a peek at the validation function and was surprised at what he found:

protected bool CheckNumericInput(string myText, int decimals) {
  int commaIndex = -1;
  if (myText[0] != '$') return (false);
  for (int i = 0; i < myText.Length; i++) {
    if ((myText[i] != '0') &&
      (myText[i] != '1') &&
      (myText[i] != '2') &&
      (myText[i] != '3') &&
      (myText[i] != '4') &&
      (myText[i] != '5') &&
      (myText[i] != '6') &&
      (myText[i] != '7') &&
      (myText[i] != '8') &&
      (myText[i] != '9') &&
      (myText[i] != '0') &&
      (myText[i] != '$') &&
      (myText[i] != '.') &&
      (myText[i] != ',')) {
        return (false);

    if ((myText[i] == '.') || (myText[i] == ',')) {
      if (commaIndex >= 0) {
          return (false);
      } else {
        if ((i == 0) || (decimals == 0)) {
            return (false);
        commaIndex = i;

    if ((commaIndex > 0) && ((i - commaIndex) > decimals)) {
        return (false);
  return (true);

Prone to Human Error
Of course, the validation approach was ugly and dumb, but why did it fail? Simple: Those individuals followed the directions on the site that said to enter values in $9,999.00 format.

Dave approached management about fixing such an infantile bug as he was replacing Judy's name with that of the new administrative specialist. To his surprise, he was shot down. He tried arguing that it would be a short fix, just one function, and that it was low-risk, but management still objected.

The Judy fix was all that they could afford at the time because their IT support budget was reduced. However, thanks to an expanded personnel budget, they would be able to keep on Judy's replacement -- thus ensuring that receipts would continue to be processed, no matter what the state of the application.

About the Author

Mark Bowytz is a contributor to the popular Web site The Daily WTF. He has more than a decade of IT experience and is currently a systems analyst for PPG Industries.

comments powered by Disqus


  • VS Code Java Tool Updates Debugging, Refactoring

    The monthly update to the tooling that boosts Java development in the open source, cross-platform Visual Studio Code editor highlights debugging, refactoring and more.

  • Microsoft Plugs Away at Blazor for Mobile in Preview 3

    Microsoft is furthering its work to target mobile app development with Blazor, the ASP.NET Core offering that originally was developed to allow for C#-based web development instead of JavaScript through the use of WebAssembly for the client side.

  • Stack Overflow Dev Survey: TypeScript Surges, Leaving Python Behind

    Microsoft's embrace of open source is paying off, says Stack Overflow in its new developer survey, as TypeScript has vaulted into second place (behind Rust) as the "most loved" programming language, pulling away from Python, with which it tied in last year's survey.

  • Docker Strengthens Ties with Azure Cloud, VS Code

    Container kingpin Docker announced extended collaboration with Microsoft's Azure cloud computing platform and Microsoft's open source, cross-platform Visual Studio Code editor.

  • Basic Will Never Die: Microsoft Open Sources GW-BASIC

    Microsoft has open sourced GW-BASIC, a programming language developed some 38 years ago. GW-BASIC and variants such as QBasic, QuickBasic and others provided the onramp to computer programming for many industry veterans.

.NET Insight

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.

Upcoming Events