When your last name is Null, nothing works

Original Article ↗ Hacker News Discussion ↗

How “Null” Breaks Systems

  • Many comments explain that failures usually come from conflating the string "null" with a special null value:

    • Stringly-typed systems, weak typing, or legacy glue code (CSV, HTTP forms, Bash, Excel exports) turn missing values into the literal text “null”.
    • Downstream code then “fixes” queries with conditions like name != 'null', or treats "null" as a stand‑in for “no data”, breaking real people named Null.
    • Interpolated SQL without parameters (or bad sanitization) can create rows with 'null' as a string, confusing IS NULL vs ='null'.
    • ETL pipelines and homemade CSV conventions (empty means "", "Null" means NULL) accumulate over decades and are hard to unwind.

  • Some argue that any system that mishandles this is fundamentally broken and likely vulnerable (e.g., SQL injection, type confusion). Others respond that organizations prioritize obvious catastrophic risks over subtle “null vs 'null'” correctness bugs.

Name-Handling Failures in General

  • Thread is full of real-world breakages:
    • Empty legal names, single names, extremely long names, and two middle names.
    • Diacritics and non-ASCII letters (ć, ĝ, Cyrillic, CJK), digraphs (IJ), apostrophes, slashes, hyphens, spaces, Mc/Mac capitalization.
    • Systems forcing first/middle/last, dropping or concatenating parts, or rejecting required characters while demanding “exactly as in passport”.
  • People report banking, airline, immigration, and government systems failing or mismatching records; some resort to aliasing or legally changing names, or dropping punctuation/diacritics online.

Anecdotes and Edge Cases

  • Usernames and student IDs colliding for twins or common surnames; improvised disambiguation schemes sometimes misroute email for years.
  • Apostrophe surnames and odd characters used as informal SQL injection/XSS tests.
  • “NULL” license plates and markers like NOPLATE causing huge numbers of misdirected traffic tickets when systems attach all null/unknown entries to a real person.
  • Product tags including “null” coerced to null and then rejected by validation.

Design Lessons and Meta Discussion

  • Strong sentiment that name fields should be treated as opaque strings, never given out-of-band meaning; using magic tokens like “null”, “FNU”, etc., is fragile.
  • Recognition that legacy formats (HTTP form-encoding, YAML, CSV) and coercive languages (JS, PHP historically) keep this class of bug alive.
  • Some see the article as technically muddled about Tony Hoare’s “billion‑dollar mistake” and Microsoft’s stance on nulls, and ascribing design intent where there are just bugs and incentives.