Sqldatetime溢出..这会导致任何问题吗？在这种情况下，是否可以进行任何类型的黑客攻击或绕过年龄限制？ [英] Sqldatetime overflow.. Will this cause any issues ? is any kind of hacking or bypassing age restriction is possible in this case?

问题描述

SqlDateTime溢出。会导致任何问题吗？如果是，那是什么？在这种情况下，是否有任何类型的黑客攻击或绕过年龄限制？



我对编程没有任何了解...



我的尝试：



我们有一个年龄限制的网站。如果用户想在我们的网站注册，用户必须年满18岁。据我所知，客户端和服务器端有验证吗？



当我试图在我们的网站上注册我在表格中打开了检查元素并在年份列表中添加0001，当提交表单时收到错误，如



SqlDateTime溢出。必须在1/1/1753 12:00:00 AM和12/31/9999 11:59:59 PM之间。

SqlDateTime overflow.Will causes any issues ? If yes what are those ? is any kind of hacking or bypassing age restriction is possible in this case ?

I don't have any knowledge on programming...

What I have tried:

We have a website with age restriction. If a user want to register in our website , the user must be 18 years old.As i know there is validation at client and server side ?

when i tried to register in our website i opened inspect element in the form filed and add "0001" in year list, when submitting the form am getting error like

SqlDateTime overflow. Must be between 1/1/1753 12:00:00 AM and 12/31/9999 11:59:59 PM.

推荐答案

您需要的第一件事学习是验证输入：这意味着检查用户键入的内容以确保它是正确，有效和合理的数据。对于出生年份值，0001无效 - 假设2000多年前出生的人还活着是不合理的！

所以读取用户输入，检查它是否为数字并检查它;合理：最老的经过验证的活人是122（经过验证的最老人名单 - 维基百科 [ ^ ]）因此假设当前年度减去130多年来是一个合理的范围。如果它在外面，有人会犯错误，或者玩傻傻的玩家 - 所以拒绝他们的输入并让他们有机会纠正它。

只有当所有数据都有效且合理时，你才会将任何内容传递给你数据库 - 这很重要，因为虽然在输入点检测和纠正问题相当简单，但是一旦数据在数据库中，它就会变得越来越困难。数据库中的错误数据越长，它就越难以纠正它！

The first thing you need to learn is to validate inputs: That means checking what the user typed to make sure it is correct, valid, and reasonable data. For a "year of birth" value, "0001" is not valid - it is not reasonable to assume that anyone born over 2,000 years ago is still alive!
So read the user input, check it's numeric, and check it;s "reasonable": the oldest verified living human was 122 (List of the verified oldest people - Wikipedia[^]) so assume the current year to the current year minus 130 is a "reasonable" range for years. If it's outside, someone is making mistakes, or playing silly buggers - so reject their input and give them a chance to correct it.
Only when all the data is valid and reasonable do you transfer anything to your DB - this is important, because while it's fairly simple to detect and correct problems at the point of input, it gets progressively harder once the data is in the DB The longer the bad data is in teh DB the harder it gets to be able to correct it!

这篇关于Sqldatetime溢出..这会导致任何问题吗？在这种情况下，是否可以进行任何类型的黑客攻击或绕过年龄限制？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！