Dev Disasters: Just Following Orders

A major validation error in the code resulted in a 60 percent failure rate for an expense form.

If you worked at the same company as Dave R., and had the misfortune of filing expenses online through the financial department's error-prone Web site, chances are you'd know Judy Long.

It's not that Judy had special powers or abilities above those of her coworkers. Actually, she was just the lucky administrative specialist listed as a go-to contact in every error message of the financial department's expense reporting portal, which upon failure instructed the user to contact Judy and mail her form UC-100B.

Amazingly, despite the fact that 60 percent of all expense reports ended in error and had to be manually processed by Judy, everything continued working for years. That is, until an unforeseen problem arose: After 33 years, Judy decided that it was time to retire.

Naming the Replacement
Naturally, a void would be left by Judy's departure. Every error message that listed her name and contact information needed to be changed. Dave was the lucky developer tasked with hunting down Judy's name in the application and substituting it with that of her replacement.

Almost immediately, Dave knew that finding and replacing Judy's name with someone else's would be a no-brainer. But why not take the opportunity to see why so many people couldn't process their receipts, he thought.

As it turned out, the business logic in the expense application was fairly straightforward; really all that it did was generate and e-mail a comma-delimited file based on user input with some validation.

Curious how something so simple could fail so badly, Dave took a peek at the validation function and was surprised at what he found:

protected bool CheckNumericInput(string myText, int decimals) {
  int commaIndex = -1;
  if (myText[0] != '$') return (false);
  for (int i = 0; i < myText.Length; i++) {
    if ((myText[i] != '0') &&
      (myText[i] != '1') &&
      (myText[i] != '2') &&
      (myText[i] != '3') &&
      (myText[i] != '4') &&
      (myText[i] != '5') &&
      (myText[i] != '6') &&
      (myText[i] != '7') &&
      (myText[i] != '8') &&
      (myText[i] != '9') &&
      (myText[i] != '0') &&
      (myText[i] != '$') &&
      (myText[i] != '.') &&
      (myText[i] != ',')) {
        return (false);

    if ((myText[i] == '.') || (myText[i] == ',')) {
      if (commaIndex >= 0) {
          return (false);
      } else {
        if ((i == 0) || (decimals == 0)) {
            return (false);
        commaIndex = i;

    if ((commaIndex > 0) && ((i - commaIndex) > decimals)) {
        return (false);
  return (true);

Prone to Human Error
Of course, the validation approach was ugly and dumb, but why did it fail? Simple: Those individuals followed the directions on the site that said to enter values in $9,999.00 format.

Dave approached management about fixing such an infantile bug as he was replacing Judy's name with that of the new administrative specialist. To his surprise, he was shot down. He tried arguing that it would be a short fix, just one function, and that it was low-risk, but management still objected.

The Judy fix was all that they could afford at the time because their IT support budget was reduced. However, thanks to an expanded personnel budget, they would be able to keep on Judy's replacement -- thus ensuring that receipts would continue to be processed, no matter what the state of the application.

About the Author

Mark Bowytz is a contributor to the popular Web site The Daily WTF. He has more than a decade of IT experience and is currently a systems analyst for PPG Industries.

comments powered by Disqus


  • Creating Reactive Applications in .NET

    In modern applications, data is being retrieved in asynchronous, real-time streams, as traditional pull requests where the clients asks for data from the server are becoming a thing of the past.

  • AI for GitHub Collaboration? Maybe Not So Much

    No doubt GitHub Copilot has been a boon for developers, but AI might not be the best tool for collaboration, according to developers weighing in on a recent social media post from the GitHub team.

  • Visual Studio 2022 Getting VS Code 'Command Palette' Equivalent

    As any Visual Studio Code user knows, the editor's command palette is a powerful tool for getting things done quickly, without having to navigate through menus and dialogs. Now, we learn how an equivalent is coming for Microsoft's flagship Visual Studio IDE, invoked by the same familiar Ctrl+Shift+P keyboard shortcut.

  • .NET 9 Preview 3: 'I've Been Waiting 9 Years for This API!'

    Microsoft's third preview of .NET 9 sees a lot of minor tweaks and fixes with no earth-shaking new functionality, but little things can be important to individual developers.

  • Data Anomaly Detection Using a Neural Autoencoder with C#

    Dr. James McCaffrey of Microsoft Research tackles the process of examining a set of source data to find data items that are different in some way from the majority of the source items.

Subscribe on YouTube