diff --git a/tailbone/views/purchasing/receiving.py b/tailbone/views/purchasing/receiving.py
index 2e6c53e1..3e269d7b 100644
--- a/tailbone/views/purchasing/receiving.py
+++ b/tailbone/views/purchasing/receiving.py
@@ -255,12 +255,17 @@ class ReceivingBatchView(PurchasingBatchView):
                 else:
 
                     # if product not even in system, add to batch anyway..
-                    row = model.PurchaseBatchRow()
-                    row.upc = provided # TODO: why not checked? how to know?
-                    row.description = "(unknown product)"
-                    batch.add_row(row)
-                    self.handler.refresh_row(row)
-                    self.handler.refresh_batch_status(batch)
+                    # but only if it was a "sane" UPC
+                    if len(upc) <= 14:
+                        row = model.PurchaseBatchRow()
+                        row.upc = provided # TODO: why not checked? how to know?
+                        row.description = "(unknown product)"
+                        batch.add_row(row)
+                        self.handler.refresh_row(row)
+                        self.handler.refresh_batch_status(batch)
+                    else:
+                        self.request.session.flash("Invalid UPC: {}".format(upc), 'error')
+                        return self.redirect(self.get_action_url('view', batch, mobile=True))
 
         self.Session.flush()
         return self.redirect(self.mobile_row_route_url('view', uuid=row.batch_uuid, row_uuid=row.uuid))