Re: form validation

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Bob Barrows [MVP] (reb01501_at_NOyahoo.SPAMcom)
Date: 04/07/04 

Date: Wed, 7 Apr 2004 15:11:00 -0400

Rudi Ahlers wrote:
> Relating to this question, and stop me if I'm wrong, but isn't it
> better to address form validation from the server side, in this case
> ASP, than from the client side?
> What if the user's browser is Links / LYNX / Nokia browser / WebTV /
> some other funny browser that doesn't support all the JAVA, or even
> any JAVA at all?
> Or rather, what if the user is paranoid and turned it off totally?
> Wouldn't it be better to then see if the necessary fields are filled
> in, and if it should be number (phone / fax / id number / bank
> account) that it's only numbers and of the correct length?
>
>
Actually, both client and server-side validation should be done if possible.

Client-side validation is good because it avoids extra trips to the server
just to find out, for example, that a number field had alpha characters
entered into it.

Server-side validation must be done because hackers have been known to
submit data to server-side code without using our well-thought-out data
entry forms. Also, as you say, browser capability may prevent the
client-side code from running.

Bob Barrows 

-- 
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

Relevant Pages

  • Re: Need help on validation on a group of controls
    ... Here is the defenition of the CustomValidator control in my .aspx page ... I would use the following server-side event: ... because the validation involves the value of multiple controls. ... able to enter more than 8 charecters of the total VIN numner. ...
    (microsoft.public.dotnet.framework.aspnet.webcontrols)
  • Re: Need help on validation on a group of controls
    ... Here is the defenition of the CustomValidator control in my .aspx page ... I would use the following server-side event: ... because the validation involves the value of multiple controls. ... able to enter more than 8 charecters of the total VIN numner. ...
    (microsoft.public.dotnet.framework.aspnet.webcontrols)
  • Re: validation doesnt fire
    ... That's the server-side stop to prevent code from running if validation fails at server-side. ... You don't need to write any code at all to get the RequiredFieldValidator to work and usually don't need to check for Page.IsValid because the client and server side validations would prevent the page from processing. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Get Passwords do not Match message too soon
    ... hopefully you'll abandon the Validation webcontrols completely... ... client side and server side to prevent the user from mucking on the ... E.g. if you have a textbox into which users type the ID of a record to fetch from a database, there might be all sorts of validation which can be done client-side first without resorting to a completely unnecessary round-trip to the server and back... ... to validate that server-side. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Is Javascript Secure?
    ... Client Side Validation is in no way a ... If you want to get fancy, you could write some type of PHP code inside ... a PHP variable, and for the Server-Side check evalit, and for the ... I wouldn't recommend considering this unless your Validation ...
    (alt.computer.security)