Once I was doing a livestream making a website called "Internet Flamewar" in front of a squirrely audience. The idea was to submit two things and then argue why one was better than the other in a sort of Reddit-style comments system. Vim vs Emacs. Cats vs Dogs. Stuffed lambs vs stuffed frogs. Important stuff ya know?

Despite the fact that this was a horrible idea for a website because it would quickly become a steaming cesspool of horrible comments, I also made a wee little mistake with the code. I was creating the database table for a comment, and used this Django class:

from django.db import models
from django.contrib.auth.models import User

class Comment(models.Model):
    # on_delete is required on ForeignKey from Django 2.0 onward
    user = models.ForeignKey(User, on_delete=models.CASCADE)
    body = models.TextField()
    date = models.DateField()

Can you spot the problem?

It was made clear to me when I put the site up and the viewers of my livestream descended upon it. The first rule of launching a new website is that someone is definitely going to try to break your site immediately. I looked at some of the posts people were making and then discovered a page that had a bit of a formatting problem.

Someone had decided to try pasting the entirety of Kafka's Metamorphosis into the comment box.

They just went to http://www.kafka.org/index.php?aid=170 and copied all 121,177 characters of the book's text and shoved it right up into my database. And the database happily saved every last character.

The solution was simple: Just add a length limit to the body field.

from django.db import models
from django.contrib.auth.models import User

class Comment(models.Model):
    user = models.ForeignKey(User, on_delete=models.CASCADE)
    # Add max_length to the body field, on a CharField: max_length on a TextField
    # only sets the textarea's maxlength attribute in the generated form, while on
    # a CharField it is enforced by model validation (full_clean) and becomes the
    # column size in the database.
    body = models.CharField(max_length=255)
    date = models.DateField()

So please, validate the max length of your form fields. And not only in JavaScript in the browser, for that matter!
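To make the server-side point concrete, here is an added example (my code, not the original post's) that uses an in-memory SQLite table as a stand-in for the real comment table and a plain function in place of a Django view. The limit is checked twice: once in the application before the insert, counted in characters rather than bytes, and once more by a CHECK constraint on the column, so a code path that forgets to validate still cannot store an oversized row. The 255-character limit and the sample comment bodies are constructed for the example.

```python
import sqlite3

MAX_BODY_LENGTH = 255  # same limit as max_length=255 on the model above


class ValidationError(ValueError):
    """Raised when a comment body fails server-side validation."""


def validate_body(body: str, max_length: int = MAX_BODY_LENGTH) -> str:
    """Server-side length check, counted in characters (code points), not bytes.

    This mirrors what Django does for CharField(max_length=...) in full_clean():
    it runs regardless of whether the browser honoured a maxlength attribute.
    """
    if not isinstance(body, str):
        raise ValidationError("body must be a string")
    if not body.strip():
        raise ValidationError("body must not be empty")
    if len(body) > max_length:
        raise ValidationError(
            f"body is {len(body)} characters; the limit is {max_length}"
        )
    return body


def open_db() -> sqlite3.Connection:
    """In-memory stand-in for the comment table (constructed for this example).

    The CHECK constraint is the second line of defence: even an insert that
    skips validate_body() is refused by the database itself.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        f"""
        CREATE TABLE comment (
            id      INTEGER PRIMARY KEY,
            user_id INTEGER NOT NULL,
            body    TEXT NOT NULL CHECK (length(body) <= {MAX_BODY_LENGTH}),
            date    TEXT NOT NULL
        )
        """
    )
    return conn


def post_comment(conn: sqlite3.Connection, user_id: int, body: str, date: str) -> int:
    """What the view should do: validate first, then insert. Returns the new row id."""
    clean = validate_body(body)
    cur = conn.execute(
        "INSERT INTO comment (user_id, body, date) VALUES (?, ?, ?)",
        (user_id, clean, date),
    )
    conn.commit()
    return cur.lastrowid


def raw_insert_rejected(conn: sqlite3.Connection, body: str) -> bool:
    """Simulate a code path that forgot to validate.

    Returns True when the database constraint refused the row, False when the
    row was stored.
    """
    try:
        conn.execute(
            "INSERT INTO comment (user_id, body, date) VALUES (1, ?, '2014-01-01')",
            (body,),
        )
        conn.commit()
        return False
    except sqlite3.IntegrityError:
        return True


if __name__ == "__main__":
    conn = open_db()
    print("stored row", post_comment(conn, 1, "Vim, obviously.", "2014-01-01"))

    # Constructed stand-in for pasting a whole novel: about 130,000 characters.
    novel = "Gregor Samsa woke one morning from uneasy dreams. " * 2600
    try:
        post_comment(conn, 1, novel, "2014-01-01")
    except ValidationError as err:
        print("rejected by validation:", err)

    print("rejected by the database:", raw_insert_rejected(conn, novel))
```

The application check gives the user a readable error; the constraint exists for the day someone adds a second insert path (an import script, an admin action, a bulk API) and forgets the check. Keep the two limits identical, or the friendlier error will never be the one that fires.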
