Sqldatetime overflow.. Will this cause any issues ? is any kind of hacking or bypassing age restriction is possible in this case?

Question

0.00/5 (No votes)

See more:

SqlDateTime overflow.Will causes any issues ? If yes what are those ? is any kind of hacking or bypassing age restriction is possible in this case ?

I don't have any knowledge on programming...

What I have tried:

We have a website with age restriction. If a user want to register in our website , the user must be 18 years old.As i know there is validation at client and server side ?

when i tried to register in our website i opened inspect element in the form filed and add "0001" in year list, when submitting the form am getting error like

SqlDateTime overflow. Must be between 1/1/1753 12:00:00 AM and 12/31/9999 11:59:59 PM.

Posted 9-Dec-18 2:12am

Member 14082835

Updated 9-Dec-18 3:10am

v2

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Answer 1 · 2018-12-09T02:39:00

Solution 1

The first thing you need to learn is to validate inputs: That means checking what the user typed to make sure it is correct, valid, and reasonable data. For a "year of birth" value, "0001" is not valid - it is not reasonable to assume that anyone born over 2,000 years ago is still alive!
So read the user input, check it's numeric, and check it;s "reasonable": the oldest verified living human was 122 (List of the verified oldest people - Wikipedia[^]) so assume the current year to the current year minus 130 is a "reasonable" range for years. If it's outside, someone is making mistakes, or playing silly buggers - so reject their input and give them a chance to correct it.
Only when all the data is valid and reasonable do you transfer anything to your DB - this is important, because while it's fairly simple to detect and correct problems at the point of input, it gets progressively harder once the data is in the DB The longer the bad data is in teh DB the harder it gets to be able to correct it!

Posted 9-Dec-18 2:39am

OriginalGriff

Comments

Member 14082835 9-Dec-18 8:47am

As i know there is validation at client and server side ? still it is possible to hack or bypass age restriction ? except these any other issues are possible like inserting NULL values etc...? i Googled for it but i did't found more information on this. Could you please provide me more information on this.

OriginalGriff 9-Dec-18 9:58am

Clearly there isn't any "reasonableness" check - a basic validity check will just check it is a number, not that it's within a specific range.
If you had a "reasonableness" check, you wouldn't get dates passed to SQL that give errors like:

SqlDateTime overflow. Must be between 1/1/1753 12:00:00 AM and 12/31/9999 11:59:59 PM

MadMyche 9-Dec-18 13:04pm

Just because there is validation, it does not mean that the validation in itself is valid. Currently the oldest person in the world was born in 1899-- so in all reality the validation should make sure that the DOB occurs after 1899 and before now

Member 14082835 9-Dec-18 13:29pm

will it cause any issues or can i ignore it ?

OriginalGriff 10-Dec-18 2:02am

Of course it will! If it fails, the entry won't go into the DB ... like trying to glue a whole tuna into your stamp album using those stupid little "hardly-sticky-paper-bits"