Comments on: Beware using DateFormat for input validation http://www.magpiebrain.com/blog/2004/05/17/beware-using-dateformat-for-input-validation/ Sam Newman's blog Wed, 15 Oct 2008 19:55:20 +0000 http://wordpress.org/?v=2.5.1 By: Hale http://www.magpiebrain.com/blog/2004/05/17/beware-using-dateformat-for-input-validation/#comment-389 Hale Tue, 20 Jul 2004 17:21:51 +0000 http://www.magpiebrain.com/2004/05/17/beware-using-dateformat-for-input-validation/#comment-389 One more note: without the dateFormat.setLenient(false), the SimpleDateFormatter will convert a date like 12/44/2004 into something like 1/13/2005. It doesn't catch months_out_of_range or days_in_month_out_of_range errors. One more note: without the dateFormat.setLenient(false), the SimpleDateFormatter will convert a date like 12/44/2004 into something like 1/13/2005. It doesn’t catch months_out_of_range or days_in_month_out_of_range errors.

]]> By: Colin Hawkett http://www.magpiebrain.com/blog/2004/05/17/beware-using-dateformat-for-input-validation/#comment-388 Colin Hawkett Fri, 11 Jun 2004 16:13:47 +0000 http://www.magpiebrain.com/2004/05/17/beware-using-dateformat-for-input-validation/#comment-388 We ended up doing this to force it.... /* * Created on 11-Jun-04 */ package domain; import java.text.ParseException; import java.text.ParsePosition; import java.text.SimpleDateFormat; /** * @author Colin Hawkett */ public class StrictDateFormat extends SimpleDateFormat { public StrictDateFormat(String format) { super(format); } public java.util.Date parse(String dateString) throws ParseException { if(dateString.length() != toPattern.length()) throw new ParseException("Input string wrong length!", 0); ParsePosition pos = new ParsePosition(0); java.util.Date date = super.parse(dateString, pos); if((date == null) || (pos.getErrorIndex() != -1)) throw new ParseException("Dodgy date string!", pos.getIndex()); if(pos.getIndex() != toPattern().length()) throw new ParseException("Did not use entire string to parse date!", pos.getIndex()); else return date; } } We ended up doing this to force it….

/*

* Created on 11-Jun-04
*/
package domain;

import java.text.ParseException;
import java.text.ParsePosition;
import java.text.SimpleDateFormat;

/**

* @author Colin Hawkett
*/
public class StrictDateFormat extends SimpleDateFormat {
public StrictDateFormat(String format) {
super(format);
}

public java.util.Date parse(String dateString) throws ParseException {
if(dateString.length() != toPattern.length()) throw new ParseException(“Input string wrong length!”, 0);
ParsePosition pos = new ParsePosition(0);
java.util.Date date = super.parse(dateString, pos);
if((date == null) || (pos.getErrorIndex() != -1)) throw new ParseException(“Dodgy date string!”, pos.getIndex());
if(pos.getIndex() != toPattern().length()) throw new ParseException(“Did not use entire string to parse date!”, pos.getIndex());
else return date;
}
}

]]> By: Joey Gibson http://www.magpiebrain.com/blog/2004/05/17/beware-using-dateformat-for-input-validation/#comment-387 Joey Gibson Wed, 19 May 2004 16:13:13 +0000 http://www.magpiebrain.com/2004/05/17/beware-using-dateformat-for-input-validation/#comment-387 We discovered the non-threadsafeness of SimpleDateFormat a few months ago. It bit us big time... We discovered the non-threadsafeness of SimpleDateFormat a few months ago. It bit us big time…

]]> By: Sam Newman http://www.magpiebrain.com/blog/2004/05/17/beware-using-dateformat-for-input-validation/#comment-386 Sam Newman Wed, 19 May 2004 09:30:12 +0000 http://www.magpiebrain.com/2004/05/17/beware-using-dateformat-for-input-validation/#comment-386 According to the documentation, @DateFormat@ isn't synchronized either: bq. "Date formats are not synchronized. It is recommended to create separate format instances for each thread. If multiple threads access a format concurrently, it must be synchronized externally." According to the documentation, DateFormat isn’t synchronized either:

“Date formats are not synchronized. It is recommended to create separate format instances for each thread. If multiple threads access a format concurrently, it must be synchronized externally.”

]]> By: Jed Wesley-Smith http://www.magpiebrain.com/blog/2004/05/17/beware-using-dateformat-for-input-validation/#comment-385 Jed Wesley-Smith Wed, 19 May 2004 04:23:00 +0000 http://www.magpiebrain.com/2004/05/17/beware-using-dateformat-for-input-validation/#comment-385 Actually, I think its just SimpleDateFormat that is not thread-safe, but don't quote me. I generally use the Jakarta commons-lang 2.0 FastDateFormat class, thread-safe and quicker than SimpleDateFormat. What context are you entering dates? There are a number of good javascript date validation scripts around, and some free Java implementations as well. _Edited to stop layout problem_: "Javascript Validation Links":http://www.google.com/search?num=50&hl=en&lr=&ie=UTF-8&oe=UTF-8&c2coff=1&q=javascriptdate validation&btnG=Search Actually, I think its just SimpleDateFormat that is not thread-safe, but don’t quote me. I generally use the Jakarta commons-lang 2.0 FastDateFormat class, thread-safe and quicker than SimpleDateFormat.

What context are you entering dates? There are a number of good javascript date validation scripts around, and some free Java implementations as well.

Edited to stop layout problem:

Javascript Validation Links validation&btnG=Search

]]>