Do I need to sanitize input from ASP.NET MembershipProvider controls? - asp.net

I'm using various ASP.NET controls out of the box such as the CreateUserWizard control, Login control etc... For custom controls, I have sanitized my inputs by making sure they conform to expected values. However, is this required for the controls such as the CreateUserWizard control, or is that handled internally? Do I need to provide any extra server side validation to these controls and, if so, would it be best to do it in the "CreateUserWizardControl_CreatingUser" event?
Thanks

If input is coming from any form, then treat it as suspect. I've included some links here that may help you:
http://www.codersbarn.com/post/2008/11/01/ASPNET-Data-Input-Validation.aspx

If you have request validation enabled then form data with script tags will generate an error automatically.
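An added example (not part of the original question or answers) of server-side allow-list validation in the `CreatingUser` handler the question mentions. The page class name `Register`, the handler name and the specific username and e-mail rules are assumptions; adjust them to your own policy.

```csharp
using System;
using System.Net.Mail;
using System.Text.RegularExpressions;
using System.Web.UI.WebControls;

public partial class Register : System.Web.UI.Page   // hypothetical page class
{
    // Assumed policy: 3-32 characters from a fixed allow-list.
    // \A and \z anchor the whole string; "$" would also accept a trailing newline.
    private static readonly Regex UserNamePattern =
        new Regex(@"\A[A-Za-z0-9._-]{3,32}\z", RegexOptions.CultureInvariant);

    // Pure checks, kept apart from the event handler so they can be unit tested.
    internal static bool IsAcceptableUserName(string value)
    {
        return value != null && UserNamePattern.IsMatch(value);
    }

    internal static bool IsAcceptableEmail(string value)
    {
        if (string.IsNullOrWhiteSpace(value) || value.Length > 254) return false;
        try
        {
            // MailAddress also parses "Name <user@host>" forms; requiring an
            // exact round trip rejects anything other than a bare address.
            return new MailAddress(value).Address == value;
        }
        catch (FormatException)
        {
            return false;
        }
    }

    // Wired up in markup with OnCreatingUser="CreateUserWizard1_CreatingUser".
    // The event fires on the server before the membership provider is called.
    protected void CreateUserWizard1_CreatingUser(object sender, LoginCancelEventArgs e)
    {
        var wizard = (CreateUserWizard)sender;
        if (!IsAcceptableUserName(wizard.UserName) || !IsAcceptableEmail(wizard.Email))
        {
            e.Cancel = true;   // abort account creation for this postback
        }
    }
}
```

Request validation and the wizard's built-in validators still run; this check only adds an application-specific rule on the server, where the client cannot skip it.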

Related

How ASP.NET 4 validation controls work?

I created a new page with lots of validation controls, such as RequiredValidation, RegexValidation and so on. I found out that when I create these validation controls, it seems to render both client JavaScript and server validation for me automatically.
I want to know, do I understand correctly or not?
Yep. That is correct. The built-in controls do server side validation (for security) and client side validation (for performance and user experience) for you.
Tip: Don't add these validations to the mark-up, but add them through the code behind, as shown in this blog post, since it keeps your code DRY.

validating form in sharepoint

I developed a screen in which there are fields like first name, username, password and email. I validated these fields using JavaScript and came to know that JavaScript is not that safe. So I decided to validate on the server side also. My question is whether I can use ASP controls like RequiredFieldValidator and RegularExpressionValidator to validate the form, or whether I have to validate through server-side coding?
Usually you can; it depends on how you implement the form, whether you use ASP.NET/SharePoint controls on it.
You can definitely use asp controls like requiredfieldvalidator and regularexpression to validate your form. I've done this before.
Extra information
Thing to watch out for: If the page that you put these controls on is a publishing page, e.g. based on a custom layout page where editors can go in and change content, the ASP validator controls will still try to validate in 'Edit' mode. Therefore any SharePoint out-of-the-box form submissions that are added to the form will also trigger the validation on your custom fields. In my case, I had a form on the page layout and some content fields; every time I edited the page, I couldn't save changes or publish until I filled out my form.
The way around it is either to stick your validator controls in EditModePanels with the PageDisplayMode set to "Display":
<PublishingWebControls:EditModePanel ID="EditModePanel1" SuppressTag="true" runat="server" PageDisplayMode="Display">
Your validator control here
</PublishingWebControls:EditModePanel>
or check for edit mode in the code behind on page load and turn the validators off from there.

Asp.Net required field validation

Hi
I need to validate two fields in an ASP.NET form, where the requirement is that any one of them is required. For example, there are Page title and sub-heading input boxes, so any one of them is required. Can I do it using the validation controls ASP.NET provides?
Any kind of help is greatly appreciated. Thanks in advance.
You can use a CustomValidator control (MSDN) in ASP.NET for special situations that are not supported by any one of the other standard validators. It was created for this reason.
Microsoft describes how to create a custom validation function here.
Here's another tutorial on implementing it.
Or if you google for keywords like "creating a custom validator in asp.net" you can pick and choose from various solutions for your own project.
For your case, as an alternative to using a CustomValidator, you could explicitly change whether your required field validators are enabled by using the ValidatorEnable() JavaScript function.
// disable validation control
ValidatorEnable(RequiredFieldValidator1, false);
You can then write custom logic in JavaScript to determine the case in which each validation control is either enabled or disabled, and tie it to one of the (client-side) events of the text boxes (onblur, onchange, onkeyup, etc).
Then, on the server side you can write similar logic to do the same thing by setting the "Enabled" property and put this logic in your button click event before you check the IsValid state.
If all you are doing is conditionally determining when something is required, changing the enabled state is your best bet. Exactly what can be done is documented in ASP.NET Validation In Depth.
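The server-side half of the enable/disable approach described above, as an added example that is not part of the original answer. The page class and all control IDs (`PageTitleTextBox`, `SubHeadingTextBox`, `TitleRequiredValidator`, `SubHeadingRequiredValidator`, `SaveButton`) are hypothetical and assumed to be declared in the page markup, with no validation groups in use.

```csharp
using System;
using System.Web.UI;

public partial class EditContent : Page   // hypothetical page class
{
    // The "at least one of the two" rule as a pure function:
    // the required-field validators only need to fire when both boxes are empty.
    internal static bool BothEmpty(string title, string subHeading)
    {
        return string.IsNullOrWhiteSpace(title) && string.IsNullOrWhiteSpace(subHeading);
    }

    protected void SaveButton_Click(object sender, EventArgs e)
    {
        // Decide from the posted values on the server. Whatever the browser
        // did with ValidatorEnable() is not trusted, because a client can
        // skip or alter the script.
        bool required = BothEmpty(PageTitleTextBox.Text, SubHeadingTextBox.Text);
        TitleRequiredValidator.Enabled = required;
        SubHeadingRequiredValidator.Enabled = required;

        // Validation already ran before this handler with the old Enabled
        // values, so run it again now that the validators are configured.
        Page.Validate();
        if (!Page.IsValid)
        {
            return;   // validators render their error messages on the response
        }

        // At least one field has content: continue with saving here.
    }
}
```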

asp.net multiple server side forms on a page

I have the need to have 2 html forms on one page. One for login details, and one for feedback. Both forms cannot have runat="server" attrib.
Any suggestions?
Handle one of the forms as a regular HTML form -- don't use runat="server". Extract the values from any post from the Request.Form collection manually (since there won't be any server-side variables corresponding to the form).
Alternatively, put all the elements in the same form, but use different controls to submit. Each set of controls (and their submit button) should be in a different validation group to avoid having validation errors due to elements you don't care about. Handle the form processing in the callback for the submit button.
Also, I would recommend an eventual move to ASP.NET MVC. MVC is a much better architecture from the perspective of the web. It more closely aligns with the stateless web model and does not have the limitations imposed in ASP.NET to help it mimic WinForms development.
When using web forms, you should only ever have one form on the page. Probably crap, but such is a web forms world...
Wrap one form around the whole page. Then when a button is clicked (or whatever event you are using) you should be able to access the values of all the controls on the page.
Yes, as you said, in ASP.NET you can't have more than one form element, but you can handle more than one action in the same form. Do not use the form's action attribute; use ASP.NET server controls like <asp:Button>, and write your logic in the events of the controls that post back.
The ASP.NET page framework architecture allows a single form with the runat="server" attribute. You need not worry about this. Place the controls on the web form for the two different purposes and handle the click events of the two ASP.NET server controls (<asp:Button>) separately.
You just have to split them up logically inside the one form. If you use validators and don't want the two "forms" to require the other values filled in, you have a property on the .NET controls called ValidationGroup, that just needs to be the same for all in one "form".
You won't be able to make two forms with runat="server" in one page.
Here is a nice solution
Can I have two separate forms runat="Server" in one page
Though not a straightforward approach, you CAN have multiple server-side forms on the same page, but it has its own limitations. Cost $50

ASP.NET page validation

I have a requirement wherein I have a bunch of about 10 aspx pages. The user shall be able to go from one screen to another using navigation. All the range, custom and regex validators need to fire so that the data entered is correct. Required fields need not be entered at this stage and the user can skip required fields. On the last page, I need to find out all the fields which are required and, if incomplete, show the user that these fields are required, as a sort of summary with a link to the page where the control was left blank.
Does anyone have any good ideas to achieve validation on pages which the user has left, so that validation can be done at the very end before the data is submitted? Any pointers would be greatly appreciated.
Validators form part of the page on which they lie. You cannot use the built-in validator controls to validate input fields on previous pages in the sequence. If you must do it this way, then you should implement your own validation framework which validates data on each page, but provides feedback on the summary page.
You should look into the usability issues faced if you only give feedback to the user at the end of the sequence of pages. He/she will be required to go back a few pages and retry input there. I don't think that is a good option at all.
A much better option would be to use the ASP.NET Wizard control (which loads sequential UI in separate panels, but on the same page). That would enable you to use Validators in conjunction with your setup. This article by Steve C. Orr provides a good introduction to using Validators with the Wizard control.
Alternatively, you can use the AJAX Tab control as others have suggested.
You can achieve this by using i.e. a TabControl (ships with the Ajax Control Toolkit).
I am applying the same thing in ASP.NET MVC, but I suggest you use a Tab control rather than a bunch of pages, as sshow posted.
