Chars, strings, and injections

As a follow-up to testing with numbers, there are special chars, strings, and injections I use in testing alpha fields.

Name fields are a good example of testing alpha fields because first and last name fields are common. And name fields help remind me to use umlauts and accents which are two special chars I like to use. Beyond min, max, and the absence of an entry, here are some other ways I test name fields.

Hyphenated last names such as Joyner-Kersee.

Names that begin with O’. Think O’Reilly.

Long names. In my experience, name fields often only accept 20 characters so hyphenated names challenge length in a practical way vs. just maxing the field with assorted characters. A look in Wikipedia presents the term double-barrelled names. For a double-barrelled name, use two names together in a last name field without the hyphen.

I run through field truncation testing after data entry testing. If I max fill a field, I then look through the application where the entry value will be displayed or printed to check none of the data entry fields were truncated. A previous boss of mine (thank you Bob) taught me to use the exclamation mark at the end of data entry fields – it’s a fast way to eye scan a screen or printout to look for field truncating. I’ve trained my eyes to look for the exclamation mark (!) at the end fields then I don’t have to remember what the last char was of the string I entered.

Back to special chars, outside of the alpha range, I use umlauts, accents, and tildes. I focus on characters likely to be used in people’s names. For ideas on special characters.

A simple method to test with special characters (especially in name fields) is to build a small notepad file. I’ve created a small file with a few challenging names that include special chars like umlauts and accents and then I use values from my notepad file when I have a name field to test. Name fields are everywhere.

I use the same concept I wrote about in testing with numbers – to speed up testing, I combine several small checks into one entry. I don’t need many entries to test multiple conditions.

Another test is to use html characters or hex characters in a data entry field. It can be interesting to see how a data entry field accepts these characters.

Unexpected data entry values lead me to think about testing that can be great fun, SQL injections. SQL injections is a topic for another time but I’ve found web pages I’ve tested are not usually prepared to prevent an injection. A word of caution on SQL injection testing, don’t test in production and don’t start with the most destructive test because you can find out how poorly prepared an application is fairly quickly. And it is reasonable and responsible to let a DBA know when you plan to test.

This entry was posted in software testing. Bookmark the permalink.