Re: Do I have to call Page.Validate on server side for val controls?
From: TS (manofsteele_at_311.com)
Date: 03/24/04
- Next message: Alek Davis: "Re: Windows Auth -- double hop issue??"
- Previous message: Dan: "Extended Search Dropdown?"
- In reply to: Steven Cheng[MSFT]: "Re: Do I have to call Page.Validate on server side for val controls?"
- Next in thread: Steven Cheng[MSFT]: "Re: Do I have to call Page.Validate on server side for val controls?"
- Reply: Steven Cheng[MSFT]: "Re: Do I have to call Page.Validate on server side for val controls?"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 24 Mar 2004 10:48:14 -0600
On the examples, the only time a call to page.IsValid is in customValidator
examples. So to make this crystal clear, if someone bypasses my form or has
JS disabled, and enters invalid data, if I don't call to page.isvalid, and
just process the page normally, the page will still process?
If this is so, then don't you agree that to be secure and to catch any
possible exceptions that may occur when using bad data, you should always
make a call to page.IsValid before you do anything with the data that was
entered, such as stick in a db?
"Steven Cheng[MSFT]" <v-schang@online.microsoft.com> wrote in message
news:hEubBoUEEHA.612@cpmsftngxa06.phx.gbl...
> Hi TS,
>
> As Bruce has mentioned, the ASP.NET will call all the validation
> controls(if enabled)'s validation on the page before the page's post back
> eventhandler is executed. So if you want to execute some certain
operations
> only when the page is validatored , you can add the following code in your
> event handler:
> private void btnSubmit_Click(object sender, System.EventArgs e)
> {
>
> if(Page.IsValid)
> {
> //... your code
> }
> }
>
> #notice that you should not call "Page.IsValid" property before a certain
> server control's post back event handler(such as in page_load or page_Init
> ). Because the page's serverside validation hasn't been completed at that
> time, if you try accessing the IsValid propery in those event, you 'll get
> exceptions.
>
> In addtion, the validator controls by default has
> "EnabledClientScript=true" which means the page need to be validated at
> clientside before it is postedback. If not valid, it won't be posted back.
> So I think you can also use the clientside validation to ensure that when
a
> page is posted back, it has been valid.
>
> And here are two good tech articles on detailed description of the ASP.NET
> validaor control's mechanism and useage:
> #ASP.NET Validation in Depth
>
http://msdn.microsoft.com/library/en-us/dnaspp/html/aspplusvalid.asp?frame=t
> rue#aspplusvalid_serverside
>
> #Validating ASP.NET Server Controls
>
http://msdn.microsoft.com/library/en-us/dnaspp/html/aspnet-validateaspnetser
> vercontrols.asp?frame=true
>
> Hope they also helpful.
>
> Regards,
>
> Steven Cheng
> Microsoft Online Support
>
> Get Secure! www.microsoft.com/security
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>
> Get Preview at ASP.NET whidbey
> http://msdn.microsoft.com/asp.net/whidbey/default.aspx
>
>
- Next message: Alek Davis: "Re: Windows Auth -- double hop issue??"
- Previous message: Dan: "Extended Search Dropdown?"
- In reply to: Steven Cheng[MSFT]: "Re: Do I have to call Page.Validate on server side for val controls?"
- Next in thread: Steven Cheng[MSFT]: "Re: Do I have to call Page.Validate on server side for val controls?"
- Reply: Steven Cheng[MSFT]: "Re: Do I have to call Page.Validate on server side for val controls?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
