Null Dilemma: The internet refuses to believe this man exists thanks to bad SQL coding
It is a troublesome process registering for an account with online services and filling out web forms if you have any sort of name that is atypical. As a person with a hyphenated first name, I know this pain well, as web forms often tell me that I can't have the name "Mary-Ann" - refusing to proceed unless I accept that my name is "Maryann".
Misspelled names can be a problem, especially if you travel to countries with fussy immigration policies, and airlines refuse to print out boarding passes that match your passport name. So when I read about the trials of US technology journalist Christopher Null, I felt for him.
Christopher Null has a very unfortunate surname – in the SQL programming language that is used to communicate with databases, "null" is a reserved term meaning that the value of a string (text input) is undefined. This means that when he tries to sign up for an account with a new web service and fills in the surname field of a web form with the word "Null", sometimes the website's SQL server will instantly reject his name.
"Most will accept 'Null' without complaint. Some will loop back to the input screen and tell the user to try again, that the last name field can't be blank (but it's not blank! That's just my name!) Some will tell the user that 'null' is a reserved term that can't be used. And some will just crash," Null writes in Wired.
"It turns out it's also surprisingly common, and it seems the larger the company is behind the application or the website, the more trouble it will have with my name,"
Null Dilemma
However, aside from situations like this, the issue of whether null values should be used in a database is often debated amongst software developers, and is known as the Null Dilemma. For example, Ben Nadel, co-founder and lead engineer at InVision App, who is an expert in Adobe's ColdFusion web app server platform, states that null values should absolutely not be used in databases.
"Allowing NULL values makes you work extra hard to get the kind of data you are looking for. From a related angle, allowing NULL values reduces your convictions about the data in your database. You can never quite be sure if a value exists or not. Does that make you feel safe and comfortable when programming?" he wrote on his blog.
Michael Byrne of Motherboard Vice argues that using null is important because in programming, the developer is constantly creating variables, which are meant to be associated with specific values. So in order to differentiate between an actual problem with the system like bad data or errors, and a variable that has deliberately been left undefined, the developer gives that variable the value "null".
"Null is clearly a value. It has meaning—a whole lot of it, actually—but its whole purpose in life is to indicate no value," writes Byrne.
Is using "null" just a bad SQL coding habit?
But other developers aren't so sure that null is required. In fact some think that errors like the ones Christopher Null has seen are due to the developer being lackadaisical, only concerned with getting the software working but not caring that the coding structure might be questionable.
"With proper coding it wouldn't matter. Anything you put in will be treated as a string. They are running into issues because they're not properly parameterising their queries... Whoever wrote that should be suspended and forced to spend the next 3 months learning about SQL injection, etc," user donrhummy states on Reddit.
XKCD creator Randall Munroe once drew a much-loved computing comic (above) that is often referenced by software engineers about bad SQL coding habits in relation to the name fields in databases (comic meaning fully explained here). Bad coding can lead to SQL injections, a type of vulnerability that can be exploited by hackers in cyberattacks to steal customers' personal details and banking information from a company's database.
So should you use null values? The debate rages on and some people in the industry feel that better standards for coding are needed, and yet others think that software developers should redesign databases and web forms to accept unusual names, such as single-word names.
However, as long as parents don't suddenly all decide to start naming their kids after incorrectly-escaped database inputs like "Robert'); DROP TABLE students;--", then we're probably still okay for now.
© Copyright IBTimes 2024. All rights reserved.