RangeValidator Problem in ASP.NET - asp.net

I was using RangeValidator to validate user input on client side for double values.
One of my user said that when he enters 5E-10, my range validator does not understand that number as a valid double.
What do you suggest me to do?
Thanks,
cas

This is a known problem with RangeValidator.
You'll need to use a CustomValidator instead, and manually verify the user's input is within the allowed range - including allowing scientific notation.

Related

disable characters from being entered in textbox

I am building a form and i want to prevent certain characters from being typed in a textbox?
I want to disable the " and ' characters in some of my textboxes
You can use a RegularExpressionValidator along with a regex such as [^"'] to allow all characters except " and '.
(please note, that regex is untested at the moment...)
ASP.NET Validators have both client and server APIs for validation.
The safest way is to check the form values on the server-side to see if the input is valid (doesn't include quote characters in your case) and respond with an error if it is invalid.
On the client side, I've had good luck using jQuery Validation.
Remember that arbitrary form payloads can be constructed outside of a browser, so you always have to check data validity on the server, even if client-side validation is in place.
Using an AJAX ASP FilterTextBox Control would be the way I'd go.
<ajaxToolkit:FilteredTextBoxExtender ID="ftbe" runat="server"
TargetControlID="TARGETCONTROLIDHERE"
FilterType="Custom, Numbers, LowerCaseLetters, UpperCaseLetters, Symbols"
InvalidChars="&" />
You can simply remove those characters from the string before you perform your database operation.

only two digits allowed after decimal asp.net

I have a textbox where the user must not be able to enter more than two digits after a decimal.How do I do this without using javascript?
Thanks.
You can set the MaxLength property of the textbox, but that doesn't have any notion of whether or where the decimal point is.
You could also use a CustomValidator and check the inputted number on the server via the ServerValidate event. But this will require going to the server to check the value (i.e. it will initially look like your form allows users to input invalid numbers).
You should also be able use to a RegularExpressionValidator, depending on your exact globalization requirements, which will use JavaScript on the client to provide immediate feedback:
<asp:TextBox ID="NumberTextBox" runat="server" />
<asp:RegularExpressionValidator runat="server" ControlToValidate="NumberTextBox"
ValidationExpression="\d+(?:(?:\.|,)\d{1,2})?" />
If you want the immediate feedback to the user, you'll need to use a JavaScript based solution.
You cannot cause the textbox to stop accepting text after two decimal places without directly or indirectly using javascript. (This is sometimes called an input mask).
You can, however, allow the user to enter free-form text and validate the text upon postback on the server. You can either automatically round the number for them, or return an error message to the client.
If you really need to prevent the user from entering more than two digits after the decimal point, you'll need to use JavaScript or a server control that implements the JavaScript for you.
However, may make more sense to allow them to enter any number of digits and then catch it on validation (or just round to two digits).

Can I read Captcha data from JavaScript in a secure way?

We use Captcha control in a registration form that we make full client validation for all fields in JavaScript ( JQuery ) beside server validation ..
I tried a lot of ways but all will write the Captcha value in JavaScript that can be accessed by anyone :(
I search if is there any way that allow me validate Captcha value in client side using JQuery in secure way or it can't be done ?
It cannot be done.
Javascript is client-side, as you know, and any code client-side has to be treated as potentially compromised as you don't have control over it.
At best, you could resort to sending up a salted hash of the value along with the salt, but even that in itself could be used to test guess values before actually submitting it.
Everything else relies on calls to the server.
As per comment request, here's the general idea:
Firstly, on the server, calculate a random string to be used as the salt. This should be roughly unique every request. The purpose of this string is to prevent rainbow table attacks.
Now, saving this string separately, but also create another string that is the concatenation of random string and the Captcha answer. Of this new combined string you generate the hash (for example, SHA-1) of it.
using System.Web.Security;
...
string hashVal = FormsAuthentication.HashPasswordForStoringInConfigFile(combined, "SHA1");
Both the random string and the hash value need to be placed in the page for the javascript to be able to read.
On the client side, when a user answers the Captcha, take the random string and concatenate it with the answer (getting the idea here?). Taking this string, you can use something like the SHA-1 JQuery plugin to hash it and compare it with the pre-computed hash you sent up.
hashVal = $.sha1(combinedString)
If it matches, it is (almost) certainly the correct answer. If it doesn't, then it is 100% the wrong answer.
you could use ajax to post the current value to the server, which would respond true or false. that would keep you from doing a real post and also from giving away the catpcha's value in html.
My solution )) Every time when page shows captcha to the user, you can dynamically generate obfuscated JavaScript functions(i think the best way 5 or 10).
For example, one function(or 3)) ) can set cookies with pregenerated hash(server returns it)(from real value of the captcha), other functions must realize server side algorithm to check value which user's typed. I can say that it works for 100%, because it is very hard to parse dynamically javascript + we set user cookies on client side(It is very hard for Bots's to find out where and how you set and check cookies), by using JavaScript.

Test if the user has typed date format ASP.NET (VB)

I have two textbox called BIRTH & EMAIL, and I must test in button click if the user has typed a date & email format in those two TextBox.
How can do that ?
Take a look at DateTime.TryParse for the date.
For the e-mail, unfortunately using regular expressions is probably your best bet.
Use a RegularExpressionValidator for each field, in conjunction with a RequiredFieldValidator. There are some ready made regular expressions for both that can be accessed through the properties window of the control.
The ValidationExpression is where you set the regular expression.
Why dont you use the ASP .NET Validators?
http://support.microsoft.com/kb/316662
Seems like the RegularExpressionValidator along with the RequiredFieldValidator would be perfect for this.
Note: The Regular Expression Validator already has the email option in the pre populated list.
For the date field, I would use the date picker, or some other control that let the user enter the day, month, and year separately. That way you don't have to worry about ambiguous dates, such as 01/05/2010, or even worse 01/05/10 (is that y/m/d, d/m/y, m/d/y etc.), and other such problems. For email address, I would do a simple check for the "#" symbol, and a dot, but don't get any more stringent than that. Email addresses can be pretty weird. You can also make them type the email address twice to ensure that they typed it correctly.
As you're using VB.NET, I believe IsDate(dateValue) is a simple option to validate the date.
Regular Expressions are your best bet though.
There's a fairly long discussion on SO regarding email regexes here:
Using a regular expression to validate an email address

ASP.Net Validation

I want to validate the value a user enters in a text box, so that it only enters float numbers. I'm not interested in range. How can I do this, considering also culture localization information (e.g. "." or "," as separators)?
My usual method is to use a RegexValidator with a validation expression of ^(\d+(\.\d*)?)|(\d*(\.\d+))$. You could ammend this to enable "." or ",": ^(\d+([\.,]\d*)?)|(\d*([\.,]\d+))$.
If you wanted to be strictly correct, you'd enable the correct validation expression for each culture.
Also note that you still need a RequiredFieldValidator if the value is compulsary.

Resources