Do I have to call Page.Validate on server side for val controls?

Discussion in 'Microsoft ASP .NET' started by TS, Mar 23, 2004.

  1. TS

    TS Guest

    If I have a required field validator for instance, does it require any
    server side code to make it validate on server?
    I'm not sure if this is called by default, or if I need to call this on my
    page, and wrap all my code within this if block.
     
    TS, Mar 23, 2004
    #1
    1. Advertisements

  2. TS

    bruce barker Guest

    no. server validation is run when you call Page.IsValid

    -- bruce (sqlwork.com)


    "TS" <> wrote in message
    news:ueSJi$...
    > If I have a required field validator for instance, does it require any
    > server side code to make it validate on server?
    > I'm not sure if this is called by default, or if I need to call this on my
    > page, and wrap all my code within this if block.
    >
    >
     
    bruce barker, Mar 23, 2004
    #2
    1. Advertisements

  3. TS

    TS Guest

    so I have to query page.isvalid on every posted back page, and only process
    the page if this test succeeds

    "bruce barker" <> wrote in message
    news:%...
    > no. server validation is run when you call Page.IsValid
    >
    > -- bruce (sqlwork.com)
    >
    >
    > "TS" <> wrote in message
    > news:ueSJi$...
    > > If I have a required field validator for instance, does it require any
    > > server side code to make it validate on server?
    > > I'm not sure if this is called by default, or if I need to call this on

    my
    > > page, and wrap all my code within this if block.
    > >
    > >

    >
    >
     
    TS, Mar 23, 2004
    #3
  4. Hi TS,

    As Bruce has mentioned, the ASP.NET will call all the validation
    controls(if enabled)'s validation on the page before the page's post back
    eventhandler is executed. So if you want to execute some certain operations
    only when the page is validatored , you can add the following code in your
    event handler:
    private void btnSubmit_Click(object sender, System.EventArgs e)
    {

    if(Page.IsValid)
    {
    //... your code
    }
    }

    #notice that you should not call "Page.IsValid" property before a certain
    server control's post back event handler(such as in page_load or page_Init
    ). Because the page's serverside validation hasn't been completed at that
    time, if you try accessing the IsValid propery in those event, you 'll get
    exceptions.

    In addtion, the validator controls by default has
    "EnabledClientScript=true" which means the page need to be validated at
    clientside before it is postedback. If not valid, it won't be posted back.
    So I think you can also use the clientside validation to ensure that when a
    page is posted back, it has been valid.

    And here are two good tech articles on detailed description of the ASP.NET
    validaor control's mechanism and useage:
    #ASP.NET Validation in Depth
    http://msdn.microsoft.com/library/en-us/dnaspp/html/aspplusvalid.asp?frame=t
    rue#aspplusvalid_serverside

    #Validating ASP.NET Server Controls
    http://msdn.microsoft.com/library/en-us/dnaspp/html/aspnet-validateaspnetser
    vercontrols.asp?frame=true

    Hope they also helpful.

    Regards,

    Steven Cheng
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)

    Get Preview at ASP.NET whidbey
    http://msdn.microsoft.com/asp.net/whidbey/default.aspx
     
    Steven Cheng[MSFT], Mar 24, 2004
    #4
  5. TS

    TS Guest

    On the examples, the only time a call to page.IsValid is in customValidator
    examples. So to make this crystal clear, if someone bypasses my form or has
    JS disabled, and enters invalid data, if I don't call to page.isvalid, and
    just process the page normally, the page will still process?

    If this is so, then don't you agree that to be secure and to catch any
    possible exceptions that may occur when using bad data, you should always
    make a call to page.IsValid before you do anything with the data that was
    entered, such as stick in a db?

    "Steven Cheng[MSFT]" <> wrote in message
    news:...
    > Hi TS,
    >
    > As Bruce has mentioned, the ASP.NET will call all the validation
    > controls(if enabled)'s validation on the page before the page's post back
    > eventhandler is executed. So if you want to execute some certain

    operations
    > only when the page is validatored , you can add the following code in your
    > event handler:
    > private void btnSubmit_Click(object sender, System.EventArgs e)
    > {
    >
    > if(Page.IsValid)
    > {
    > //... your code
    > }
    > }
    >
    > #notice that you should not call "Page.IsValid" property before a certain
    > server control's post back event handler(such as in page_load or page_Init
    > ). Because the page's serverside validation hasn't been completed at that
    > time, if you try accessing the IsValid propery in those event, you 'll get
    > exceptions.
    >
    > In addtion, the validator controls by default has
    > "EnabledClientScript=true" which means the page need to be validated at
    > clientside before it is postedback. If not valid, it won't be posted back.
    > So I think you can also use the clientside validation to ensure that when

    a
    > page is posted back, it has been valid.
    >
    > And here are two good tech articles on detailed description of the ASP.NET
    > validaor control's mechanism and useage:
    > #ASP.NET Validation in Depth
    >

    http://msdn.microsoft.com/library/en-us/dnaspp/html/aspplusvalid.asp?frame=t
    > rue#aspplusvalid_serverside
    >
    > #Validating ASP.NET Server Controls
    >

    http://msdn.microsoft.com/library/en-us/dnaspp/html/aspnet-validateaspnetser
    > vercontrols.asp?frame=true
    >
    > Hope they also helpful.
    >
    > Regards,
    >
    > Steven Cheng
    > Microsoft Online Support
    >
    > Get Secure! www.microsoft.com/security
    > (This posting is provided "AS IS", with no warranties, and confers no
    > rights.)
    >
    > Get Preview at ASP.NET whidbey
    > http://msdn.microsoft.com/asp.net/whidbey/default.aspx
    >
    >
     
    TS, Mar 24, 2004
    #5
  6. Hi TS,

    Thanks for your followup. Yes, the user many use disabling client side
    script to bypass the client validation. Thus, we may need to call the
    Page's "Page.Validate()" function to instructure all the validator controls
    work and then in post back event
    check the Page.IsValid to ensure the page is valid or not. So the user is
    able to by pass the client script validation but not able to hack the
    serverside operations if we add the validaion check. Do you think so?

    Regards,

    Steven Cheng
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)

    Get Preview at ASP.NET whidbey
    http://msdn.microsoft.com/asp.net/whidbey/default.aspx
     
    Steven Cheng[MSFT], Mar 25, 2004
    #6
  7. TS

    TS Guest

    thanks

    "Steven Cheng[MSFT]" <> wrote in message
    news:...
    > Hi TS,
    >
    > Thanks for your followup. Yes, the user many use disabling client side
    > script to bypass the client validation. Thus, we may need to call the
    > Page's "Page.Validate()" function to instructure all the validator

    controls
    > work and then in post back event
    > check the Page.IsValid to ensure the page is valid or not. So the user is
    > able to by pass the client script validation but not able to hack the
    > serverside operations if we add the validaion check. Do you think so?
    >
    > Regards,
    >
    > Steven Cheng
    > Microsoft Online Support
    >
    > Get Secure! www.microsoft.com/security
    > (This posting is provided "AS IS", with no warranties, and confers no
    > rights.)
    >
    > Get Preview at ASP.NET whidbey
    > http://msdn.microsoft.com/asp.net/whidbey/default.aspx
    >
     
    TS, Mar 30, 2004
    #7
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Borr

    Call server side code from client side

    Borr, Nov 6, 2003, in forum: Microsoft ASP .NET
    Replies:
    3
    Views:
    205
    Alvin Bruney
    Nov 10, 2003
  2. Guest
    Replies:
    3
    Views:
    1,474
    Patrice Scribe
    Mar 12, 2004
  3. Ing. Rajesh Kumar

    How to call Server side Function from client side function ?

    Ing. Rajesh Kumar, Mar 28, 2004, in forum: Microsoft ASP .NET
    Replies:
    2
    Views:
    652
    Hugo Wetterberg
    Mar 30, 2004
  4. Fred
    Replies:
    2
    Views:
    364
    Craig Deelsnyder
    Jul 12, 2004
  5. Dinçer

    how to call server-side methods from client side

    Dinçer, Feb 11, 2005, in forum: Microsoft ASP .NET
    Replies:
    1
    Views:
    161
    Bopoo
    Feb 11, 2005
Loading...

Share This Page