Date post: | 08-Jul-2015 |
Category: |
Engineering |
Upload: | guddu-gupta |
View: | 176 times |
Download: | 1 times |
ASP.NET Validating user input
By-Guddu Kumar
Validating user input on the client and/or server side
GoalsCheck validity of data from the end user
HowCheck user input on the client side or on the server
side
ExamplesIs the name TextBox empty?Does the email TextBox contain a structurally valid
email address?
Verifies that a control value is correctly entered by the user
Blocks the processing of a page until all controls are valid
Avoids spoofingor the addition ofmalicious code
Client-side validation Done in the browser
Uses JavaScript
Users can disable JavaScript!
Different browsers → different JavaScript versions
Does not require HTTP request + response
Server-side validation Done on the server
Uses C#
Requires HTTP request + response
Best practice
Client-side validation and server-side
validation
Client-side saves time
No HTTP request/response
Server-side
Provides security
JavaScript not disable
ASP.NET performs browser detection
• Client supports JavaScript
• Use client-side validation + server-side validation
• Client does not support JavaScript
• Use server-side validation
RequiredFieldValidatorInput field cannot be empty
CompareValidatorCompare between user inputs using =, >, etc.
RangeValidatorMinimum < input < maximum
RegularExpressionValidatorCheck the entry matches a pattern defined by the regular expression
CustomValidatorMake your own validator
ValidationSummaryDisplays all error messages from validators in one spot
ControlToValidate
The control to be validated
ErrorMessageThe message used in the ValidationSummary
TextThe error message used in the validation control
CssClassStyle appearance of the messages
• Validation happens because of an event• Example: button click event
• Can be turned of (for some buttons in a form)
• <asp:Button ID=“Button1” runat=“server” Text=“Submit” CausesValidation=“false” >
• Client-side validation can be turned off• Only server-side validation in effect
• <asp:RequiredFieldValidator … EnableClientScript=“false”>
The RequiredFieldValidator control ensures that the required field is not empty. It is generally tied to a text box to force input into the text box.
The syntax for the control:
<asp:RequiredFieldValidator ID="rfvcandidate"
runat="server" ControlToValidate="ddlcandidate"
ErrorMessage="Please choose a candidate"
InitialValue="Please choose a candidate">
</asp:RequiredFieldValidator>
Can have multiple validation controls on a single input control
Only the RequiredFieldValidator checks empty controls
The RangeValidator control verifies that the input value falls within a predetermined range.
It has three specific properties:
The syntax for the control:<asp:RangeValidator ID="rvclass"
runat="server" ControlToValidate="txtclass" ErrorMessage="Enter your class (6 - 12)" MaximumValue="12" MinimumValue="6" Type="Integer">
</asp:RangeValidator>
The CompareValidator control compares a value in one control with a fixed value, or, a value in another control.
It has the following specific properties:
The basic syntax for the control:
<asp:CompareValidator ID="CompareValidator1"
runat="server"
ErrorMessage="CompareValidator">
</asp:CompareValidator>
The RegularExpressionValidator allows validating the input text by matching against a pattern against a regular expression. The regular expression is set in the ValidationExpression property.
The following table summarizes the commonly used syntax constructs for regular expressions:
A class of characters could be specified that can be matched, called the metacharacters.
Quantifiers could be added to specify number of times a character could appear.
The CustomValidator control allows writing application specific custom validation routines for both the client side and the server side validation.
The server side validation routine should be written in any .Net language,
like C# or VB.Net.
The basic syntax for the control:
<asp:CustomValidator ID="CustomValidator1" runat="server"
ClientValidationFunction=.cvf_func.
ErrorMessage="CustomValidator"></asp:CustomValidator>
The ValidationSummary control does not perform any validation but shows a summary of all errors in the page. The summary displays the values of the ErrorMessage property of all validation controls that failed validation.
Using Page.IsValid property we can check for page errors. When there are no errors IsValid returns true and user can proceed to next page.
if (Page.IsValid)
{ //validation complete proceed }
The syntax for the control:
<asp:ValidationSummary ID="ValidationSummary1" runat="server" DisplayMode = "BulletList" ShowSummary = "true" HeaderText="Errors:" />
Create an ASP.NET Web Form with TextBox and Button controls
Add a RequiredFieldValidator control
Add a RangeValidator control
Add a RegularExpressionValidator control
The Following showing the Illustration of Validation controls:
Thank You