« Configuring Foundeo Spell Checker to work with ColdFusion's FCKEditor | Main | Preventing multiple page requests after double-clicks »

Input should be validated by your application, not by your users!

Using the Symantec Store checkout process today to renew NAV for some of the office computers, I found myself baffled by one of their input requirements. Under the phone number field on the credit card entry screen, appears the phrase "Please enter numbers only." I only noticed this after typing in the phone number with a dash after the first three digits and seeing my entry get truncated because the field was at its character limit:


Why on earth can't Symantec, a company who purports to be able to defeat malware attacks and eradicate viruses from your computer, manage to parse a simple dash out of a phone number? This is a prime example of putting work where it doesn't belong-- on the shoulders of the customer. Any web site, whether they are trying to sell products or services or are just trying to get registration and participation, should make it as easy as possible for people to use the site. Parsing dashes from phone numbers and spaces from credit card numbers is so easy, there's absolutely no excuse to make the customer do it for you.

Comments (3)

Applications and websites everywhere are riddled with these kinds of UI blunders. I have a found a few examples myself (http://agileui.blogspot.com/search/label/WorstUIEver) It really just comes down to the fact that developers are trained to write logic and handle errors in code. So, it is very easy for developers to think "I fix my errors, so the users should fix their errors". Obviously this isn't an error to the person entering in the phone number which is where the standoff begins. I have had many discussions with developers where they say things like "that value isn't a valid Date or Number in Java". As long as it is a valid date in "Human" then it really is the responsibility of the software to figure that out.

I try to pose the problem in terms such as "If I told you my phone number was 555-555-1234 or (555) 555-5555, would you be able to figure it out?" The answer of course is always "yes".

We all know that software isn't human but if it can at least try to act like a considerate person would when accepting input, it would go a long way.


"As long as it is a valid date in "Human" then it really is the responsibility of the software to figure that out." Wow. That just hits the nail on the head.

Maybe it's a simple as the dev didn't have enough time to get fancier with his code.