Over the years Software Engineering has gone through many iterations of best practices. Form field validation is no exception to this.
The morale of the story here is stop rolling your own validation. This is one of those things that seem super easy to do, so you just quick roll your own and then move on. Except you never move on because you’ll get tickets to fix stuff until the end of time.
Let’s talk about email validation as an example:
[email protected]
Early on, email was validated by checking if the email had letters, an @ sign, letters, and then ended with .com. This worked great until…
[email protected]
People started using subdomains for email. So we allowed for that. This worked great until…
[email protected]
People started using other TLD’s. Now we change validation to be the email had letters, an @ sign, letters, and then ended with .[com,net,org,gov,edu]. This worked great until…
[email protected]
People started using numbers in their emails. So we allowed numbers in the emails. This worked great until…
[email protected]
People started using special characters in their email (think periods, plus signs, etc). So we allowed for those. This worked great until…
[email protected]
All kinds of TLD’s became a thing. The wild west of TLD’s. So then we just said anything after the dot. This worked great until…
[email protected]
Some very nerdy people used IP addresses instead of domains. So we allowed IP addresses. This worked great until…
me@0:0:0:0:0:0:0:1
Some really nerdy people started using IPV6 instead of IPv4. So we allowed for that.
Don’t even get me started on validating if something is a valid IP address.