Radiobutton list auto postback - asp.net

Ok, this is painful for me because yes, I've been coding ASP.NET after classic ASP days. I've so lost the ways of regular HTML controls.
So, here's my scenario.
1) I have a list of radiobuttons on the page, regular old HTML buttons:
<div id="selectOptions">
<form action="Checkout.aspx" method="post" target="_self">
<ul>
<li><label><input type="radio" name="rbRewardsSelectionGroup" id="rbtNoRewardOption" checked="checked" value="0" />None</label></li>
<li><label><input type="radio" name="rbRewardsSelectionGroup" value='1' />Free Shipping</label></li>
<li><label><input type="radio" name="rbRewardsSelectionGroup" value='2' />$100 Store Credit</label></li>
<li><label><input type="radio" name="rbRewardsSelectionGroup" value='3' />$250 Store Credit</label></li>
<li><label><input type="radio" name="rbRewardsSelectionGroup" value='4' />$500 Stored Credit</label></li>
</ul>
</form>
</div>
2) I need to add some JavaScript to force a postback if any one of these radiobuttons is selected, even the default selected radio button.
3) I attempted to add a form and wrap it around the code. I don't know if this will work because I think ASP.NET won't let you have more than one form on a page...or maybe that's just how it is for everyone?
4) Let's say it will work. Ok, so I click the radio button. I send a request to Checkout.aspx and then in the code-behind I can grab that data and do a Request["rbRewardsSelectionGroup"] to get a reference to that radiobutton group and then perform my server-side value checks...whatever I need to do.
I guess my question is am I going about this right with the way I have this setup currently? I believe I've got the overall concept here outside of using ASP.NET based controls that do all this magic for you.
I don't want to get into why I'm not using an ASP.NET control for this particular piece of code.

2) With jquery, listen for the change event on the radio buttons and submit its parent form:
// Submit the enclosing form whenever one of the reward radio buttons changes
$("input[name='rbRewardsSelectionGroup']").change(function(){
    $(this).parents('form').submit();
});
3) You can only have one form with a runat="server" property in asp.net
4) Yes, use Request.Form["rbRewardsSelectionGroup"] to get the value of the selection.

Related

Control.UniqueID different after cross-page postback

I have a simple ASP.NET page with a MasterPage. Within the MasterPage, I have two login fields:
<input type="text" runat="server" id="txtUserName"/>
<input type="text" runat="server" id="txtPassword"/>
When the controls are rendered to the page, ASP.NET renders the following:
<input type="text" runat="server" id="ctl00_txtUserName" name="ctl00$txtUserName"/>
<input type="text" runat="server" id="ctl00_txtPassword" name="ctl00$txtPassword"/>
If I understand correctly, the name attribute corresponds to the UniqueID property of a control. However, when I'm debugging Page_Load and attempt to view the UniqueID of these fields, they have different values (ctl0$txtUserName and ctl0$txtPassword respectively)!
Note that this does not seem to be an issue on all pages using this MasterPage. Most of them work correctly and use ctl0$txtUserName and ctl0$txtPassword in both rendering and Page_Load.
Any idea what might cause ASP.NET to render a different UniqueID for a control than it uses in Page_Load?
I'm still not sure what was causing the generated UniqueIDs in the MasterPage to be different in Page_Load than when rendered to the page. However, I was able to get around the issue by storing the UniqueIDs of these fields in hidden fields. I was then able to access the values directly in the Request.Form collection.
In other words, I did this:
In the MasterPage -
<input type="text" runat="server" id="txtUserName"/>
<input type="text" runat="server" id="txtPassword"/>
<input type="hidden" id="txtUserNameUID" value="<%=txtUserName.UniqueID%>"/>
<input type="hidden" id="txtPasswordUID" value="<%=txtPassword.UniqueID%>"/>
During Page_Load of the child page -
string username = Request.Form[Request.Form["txtUserNameUID"]];
string password = Request.Form[Request.Form["txtPasswordUID"]];
Hope this helps anyone else struggling with UniqueID weirdness in ASP.NET!
Weird quirk I just became aware of: any wrapping controls that are runat server must also have IDs. For instance, if you have a panel around the control, i.e. whatever "ctl00" is, it must be assigned an ID. If it is not set, it will be allocated one and this can change.

Can malicious users modify viewstate?

If ViewStateMac is enabled in an ASP.NET application, can a user modify what is in ViewState and successfully pass it back to the server?
I have an application (that someone else wrote) that is using what is in ViewState to create a non-parameterized ORDER BY clause in a SQL query. Should I be worried about SQL Injection?
If ViewStateMAC is enabled the attacker would need to be able to crack the "machine key" in order to alter the ViewState, so it should be reasonably secure if this value is kept private.
Is the value set in the code behind (e.g. ViewState["OrderBy"]) rather than via a control? If so this will not be subject to Event Validation.
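Independent of whether the ViewState MAC holds, the ORDER BY text does not have to come from ViewState at all. The following is an added example, not code from the application in the question: a hypothetical `SortClause` helper that treats the stored value only as a lookup key into a fixed allowlist. The column names are constructed sample values.

```csharp
using System;
using System.Collections.Generic;

// Added example: hypothetical helper, not part of the application discussed above.
public static class SortClause
{
    // Sort keys the page may keep in ViewState, mapped to fixed column names.
    // Only these literals can ever reach the SQL text (constructed sample names).
    private static readonly Dictionary<string, string> Columns =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "name",    "[ProductName]" },
            { "price",   "[UnitPrice]"   },
            { "created", "[CreatedUtc]"  },
        };

    private const string DefaultOrder = "[ProductName] ASC";

    // Accepts "price" or "price desc"; any other shape falls back to the default.
    public static string Build(string requested)
    {
        if (string.IsNullOrWhiteSpace(requested)) return DefaultOrder;

        string[] parts = requested.Trim().Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
        if (parts.Length > 2) return DefaultOrder;

        string column;
        if (!Columns.TryGetValue(parts[0], out column)) return DefaultOrder;

        string direction = "ASC";
        if (parts.Length == 2)
        {
            if (parts[1].Equals("desc", StringComparison.OrdinalIgnoreCase)) direction = "DESC";
            else if (!parts[1].Equals("asc", StringComparison.OrdinalIgnoreCase)) return DefaultOrder;
        }
        return column + " " + direction;
    }

    public static void Main()
    {
        Console.WriteLine(Build("price desc"));   // known key and direction
        Console.WriteLine(Build("price OR 1=1")); // unexpected shape: default is used
        Console.WriteLine(Build("salary"));       // unknown key: default is used
    }
}
```

In the page, the query would then be assembled as `"... ORDER BY " + SortClause.Build(ViewState["OrderBy"] as string)`, with all other values still passed as parameters.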
Yes, you can modify the viewstate and post it back, by simply copying and pasting the page to a local site as HTML and modifying it.
However, on postback the validation will fail and it will not be accepted by ASP.NET if you have the EventValidation property enabled; it is enabled by default.
ASP.NET saves a hash file for every control and every event on the page in this property, and validates it on postback. If this fails, it does not continue. If you have this disabled, then it can do what you say.
Look at this simple HTML form:
<form name="input" action="someaction.asp" method="post">
<select name="sel">
<option value="1" >Milk</option>
<option value="2" >Coffee</option>
<option value="3" >Tea</option>
</select>
<input type="submit" value="Submit">
</form>
Anyone can change the <option value="1" >Milk</option> to <option value="1 OR 1=1" >Milk</option> and post it back as it is, so you need to add a hash code before rendering it, post it back together with the rest, and validate that the values are the same (return the same hash).
Some sites and coders choose to encrypt every single value on postback; if you look at Amazon, for example, you will notice lines like:
<input name="offeringID.1" value="y3A0L7tSnS%2B7LBLvI....morehere" type="checkbox" id="fbt_x_check" style="display: none;" class="check" checked="checked">
And if you use a custom HTML control, you need to add your own validation of the values, to avoid them being modified.
The ASP.NET developers decided to make a total hash of the values of all controls, and keep it in the EventValidation.
So keep the EventValidation on, and the modification will fail.
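For plain HTML controls that ASP.NET does not track, the "hash code rendered with the value and checked on postback" idea from the answer above can be done with a keyed HMAC. This is an added example, not code from the answer; the `SignedOption` class, the key and the field name are hypothetical, and it assumes the tag is rendered next to each value (for example in a hidden field) and posted back with it.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: hypothetical helper, not part of ASP.NET or of the answer above.
public static class SignedOption
{
    // Assumption: a real application loads this key from protected configuration.
    // The literal below is a constructed demo value.
    private static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key-change-me");

    // The tag covers the field name as well as the value, so a tag issued
    // for one field cannot be reused on another.
    public static string Sign(string field, string value)
    {
        using (var hmac = new HMACSHA256(Key))
        {
            byte[] tag = hmac.ComputeHash(Encoding.UTF8.GetBytes(field + "\n" + value));
            return Convert.ToBase64String(tag);
        }
    }

    // Recompute the tag for the posted value and compare it with the posted tag.
    public static bool Verify(string field, string value, string postedTag)
    {
        if (value == null || postedTag == null) return false;
        byte[] expected = Encoding.UTF8.GetBytes(Sign(field, value));
        byte[] actual = Encoding.UTF8.GetBytes(postedTag);

        // Compare every byte so timing does not reveal how many leading bytes matched.
        int diff = expected.Length ^ actual.Length;
        for (int i = 0; i < expected.Length && i < actual.Length; i++)
            diff |= expected[i] ^ actual[i];
        return diff == 0;
    }

    public static void Main()
    {
        string tag = Sign("sel", "1");                      // computed when the form is rendered
        Console.WriteLine(Verify("sel", "1", tag));         // value unchanged
        Console.WriteLine(Verify("sel", "1 OR 1=1", tag));  // value edited in the browser
    }
}
```

The tag only shows that the server issued that value for that field; when the set of valid values differs per user, include a session or user identifier in the signed text as well.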

Post form without a button

I was exploring the search box on the Apple website and noticed it doesn't have an input type="submit" to post the form, even when Javascript is disabled.
<form action="/search/" method="post" class="search" id="g-search">
<div class="sp-label">
<label for="sp-searchtext">Search</label>
<input type="text" name="q" id="sp-searchtext" accesskey="s">
</div>
</form>
Having never really explored it, I take it from this it means you can post a form without needing a submit button, it just relies on the user pressing the return key.
Two questions: 1) Is this compatible across all browsers? So in IE 7 will pressing return still work?; 2) Is there a way to do this in ASP.NET without using an asp:button? I will probably have it inside a placeholder (where I would conventionally use defaultButton to allow for multiple forms on the page) but if I can get rid of the button altogether then that's a plus.
Yes, of course it is possible to do it in any way you want.
The simpler thing is to have an onclick event that calls a function that does the submit like this:
JQuery:
$('#id_of_form').submit()
javascript:
document.name_of_my_form.submit();
or
document.getElementById('id_of_my_form').submit();
so simple :)

uncheckable RadioButtons vs exclusive Checkboxes

From a UI perspective, is it better to have a set of RadioButtons with the added functionality of being able to uncheck, or have a set of exclusive CheckBoxes, meaning only one can be checked at a time?
Update:
I did not expect such negative responses to this. Maybe it would help if I gave an example that is closer to how it's being used.
I have a GridView full of databound stuff. The user has the option of choosing one of the rows as "primary", but it's not required. new example:
$(":radio").click(function() {
if (this.previous) {
this.checked = false;
}
this.previous = this.checked;
});
$(":checkbox").click(function() {
$(":checkbox").not(this).prop("checked", false);
});
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
Choose a primary city and state (if applicable).<br />
<table><tr><td>
<table border="1" >
<tr><td>Primary</td><td>City</td><td>State</td></tr>
<tr><td><input type="radio" name="radio" /></td><td>Pahokee</td><td>Florida</td></tr>
<tr><td><input type="radio" name="radio" /></td><td>Palatka</td><td>Florida</td></tr>
<tr><td><input type="radio" name="radio" /></td><td>Palm Bay</td><td>Florida</td></tr>
<tr><td><input type="radio" name="radio" /></td><td>Palm Beach Gardens</td><td>Florida</td></tr></table></td><td> </td><td><table border="1" >
<tr><td>Primary</td><td>City</td><td>State</td></tr>
<tr><td><input type="checkbox" /></td><td>Pahokee</td><td>Florida</td></tr>
<tr><td><input type="checkbox" /></td><td>Palatka</td><td>Florida</td></tr>
<tr><td><input type="checkbox" /></td><td>Palm Bay</td><td>Florida</td></tr>
<tr><td><input type="checkbox" /></td><td>Palm Beach Gardens</td><td>Florida</td></tr>
</table></td></tr>
</table>
Should I include an extra control for unchecking the "primary", or just extend the functionality of the CheckBox or RadioButton ?
If you think extra RadioButton, where would that go, in the header?
BTW, it looks like JavaScript is needed to make RadioButtons work in a GridView anyway because of ASP.Net munging the GroupName.
Update 2:
Also, see ASP.NET AJAX extender MutuallyExclusiveCheckBox
Definitely use radio buttons, as they are meant for this purpose. Why confuse the user with checkboxes and further trouble yourself by writing code to maintain exclusive behaviour?
Though I don't agree with changing the expected functionality of radio and checkbox controls, I have had cases where I needed to.
If you do this with Javascript, it's going to fail spectacularly if your user has JS disabled.
The appearance CSS attribute is your friend.
If the user can pick only one choice out of a set, use radiobuttons. If the user can pick any number of choices, use checkboxes. Note that the definition of "only one choice" can include a radiobutton that says "none".
That's been the standard on pretty much every platform since GUIs were invented. Deviating from that practice will only serve to confuse your users.
Like other people have said, you shouldn't change the expected behaviour of native form elements. I would use a group of radio buttons, and include a button for 'clear selection'. That makes it explicit that the selection is clearable, and provides an obvious way of doing it.
Another way to do it would be to 'invent' a new type of control - probably based on hidden radio buttons, perhaps something that obviously looked like a group of 'toggles'. This is a very visual solution though, and would rely on javascript, so it's probably not the most reliable choice.
Here's an example of both solutions:
http://www.spookandpuff.com/examples/clearableOptions.html
Both solutions are currently javascript reliant - you could easily give the first option a JS-free fallback by having the clear button give the form to the server, and respond with a cleared radio button set.

Adding custom attributes to asp.NET RadioButton control

I want to add a custom attribute to an asp.net RadioButton called Key which I'm using client-side for an ajax request.
What I'm finding is that my aspx markup which is the following:
<asp:RadioButton ID="rdoPost" GroupName="PreferredContactMethod" value="Post" onclick="DoStuff(this)" runat="server" />
gets rendered in the page as
<span Key="ContactMethod">
<input id="rdoPost" type="radio" name="PreferredContactMethod" value="Post" onclick="DoStuff(this);" />
</span>
whereas I'd expected (and hoped) to get the following
<input id="rdoPost" type="radio" Key="ContactMethod" name="PreferredContactMethod" value="Post" onclick="DoStuff(this);" />
I've tried the same thing with an asp TextBox control and it works exactly as I'd expect simply adding the Key="myKey" attribute to the <input type="text"/> element.
Is there a way around this with the standard RadioButton control, or will I have to inherit from the standard one to achieve the markup I'm wanting?
Also... (sorry to ask two questions at the same time), is adding non-standard attributes to html markup a bad idea anyway? Currently I'm using these attributes in JavaScript in the following way:
var key = rdoPost.Key;
I've found from the question/answer below that the easiest way to do this is via the code-behind using the InputAttributes property as follows:
rdoPost.InputAttributes.Add("class", "myCheckBoxClass");
Why does ASP.Net RadioButton and CheckBox render inside a Span?
