Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Validator Controls, Client Side? 1

Status
Not open for further replies.
TomTT

TomTT

Programmer
Jun 3, 2002
55
0
0
US
aspx validation controls suchs as the required field validator are client side validators, right?

That being the case, is aspx generating javascript (jit) on the client side to perform the validation?

If it is, then a client with javascript disabled wouldn't execute the validator code?

If all of that is correct, then I guess you need to re-validate on the server side?

Thank!
 
Sort by date Sort by votes
Validation controls use javascript that is contained in the aspnet_client folder.

Personally I always do server side validation as well as client side (it's unlikely that javascript won't be enabled on the client but security wise, you should always validate on the server).


____________________________________________________________

Need help finding an answer?

Try the Search Facility or read FAQ222-2244 on how to get better results.

 
Upvote 0 Downvote
Thanks for the quick reply. I realize that javascript will usually be enabled, but if it's not, I would be open to passing bad data back to the database......(crash)

Hadn't given it much thought until a discussion of how controls work came up.

You're right about validation server side as well. I am using a Try/Catch to prevent terminal errors, but I guess I also need data quality validation on the server side as well.

Thanks again!!

TT
 
Upvote 0 Downvote
>>aspx validation controls suchs as the required field validator are client side validators, right?

i have material here that says "The validation controls automatically generate both server side and client side validation code."

Known is handfull, Unknown is worldfull
 
Upvote 0 Downvote
I realize that javascript will usually be enabled, but if it's not, I would be open to passing bad data back to the database
Click to expand...
Also, if javascript is disabled, a lot of the ASP.NET server controls will behave differently.


____________________________________________________________

Need help finding an answer?

Try the Search Facility or read FAQ222-2244 on how to get better results.

 
Upvote 0 Downvote
I realize that javascript will usually be enabled, but if it's not, I would be open to passing bad data back to the database......(crash)
Click to expand...

Or a malicious person could save the page to their hard drive, change/remove the validation script and submit the form, and like you said pass bad data.
 
Upvote 0 Downvote
I've done web development since there was a web... prior even to JavaScript. In all that time, I've never once had a user with JavaScript disabled.

The post that says that ASP.NET will generate both client-side and server-side code for validation controls is a bit misleading. It doesn't do both, it does one or the other based on which browser is being used.

There should always be three lines of defense:

1) rudimentary validation, client-side. All required fields have a value, the user isn't re-submitting the same form, etc.

2) stronger validation, server-side. All values are strongly typed, all keys are supplied and/or generated.

3) validation in your database. The best way to do this is with stored procedures.



Thomas D. Greer

Providing PostScript & PDF
Training, Development & Consulting
 
Upvote 0 Downvote
Thanks for all the responses. I think I'm getting it...
Initially, I tended to think validation controls were all I needed to cover my tail. As I picked up more about how they worked I started to see potential problems particularly if someone wanted to do harm.

I think Thomas Greer summed up a realistic approach very well.

I will be looking closely at my server side code with regard to validation and protection of the database.

Thanks again!
Tom T
 
Upvote 0 Downvote
>>It doesn't do both, it does one or the other based on which browser is being used

i dont understand, isnt that what is required???

if javascript is enabled then that will do, if not then it has to do it server side. isnt that what should happen???

Known is handfull, Unknown is worldfull
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

weberm
  • Locked
  • Question
How do I make a page with multiple AJAX custom controls?
Replies
2
Views
146
weberm
weberm
Dashley
  • Locked
  • Question
Client Script Changing/encoding Values 1
Replies
2
Views
60
Dashley
Dashley
may1hem
  • Locked
  • Question
How to show or hide controls using checkbox click, client-side?
Replies
3
Views
62
jbenson001
jbenson001
delmontexxx
  • Locked
  • Question
Web Authentication using machine or client certificates
Replies
3
Views
70
jbenson001
jbenson001
Halliarse
  • Locked
  • Question
Vertical spacing between button controls
Replies
5
Views
77
jbenson001
jbenson001

Part and Inventory Search

Sponsor

Back
Top