If the existing validation controls do not suit your needs, you can define a custom server-side validation function and call it using the CustomValidator control. You can also add client-side validation for a quick check before the form is submitted by writing a function in ECMAScript (JScript) that duplicates the logic of the server-side method.
You should perform a server-side validation even if you use a client-side check. Server-side validation helps prevent users from bypassing validation by disabling or changing the client script.
Security Note By default, the Web Forms page automatically validates that malicious users are not attempting to send script or HTML elements to your application. As long as this validation is enabled, you do not need to explicitly check for script or HTML elements in user input. For more information, see Scripting Exploits.
Server-Side Validation
You define server-side validation by writing code in the control's ServerValidate event handler that checks the user's input. You hook up the event handler by setting the OnServerValidate attribute of the control. The string from the input control to validate can be accessed by using the Value property of the ServerValidateEventArgs object passed into the event handler as a parameter. The result of the validation is then stored in the IsValid property of the ServerValidateEventArgs object.
To validate on the server using a custom function
1. Add a CustomValidator control to the page and set the following properties:
Property Description
ControlToValidate : The ID of the control you are validating.
ErrorMessage, Text, Display : Properties that specify the text and location of the error or errors that will display if the validation fails. For details, see Controlling Validation Error Message Display for ASP.NET Server Controls.
2. Create a server-based event handler for the control's ServerValidate event. This event is called to perform the validation. The method has a signature such as the following:
Protected Sub CustomValidator1_ServerValidate(ByVal _
source As System.Object, ByVal args As _
System.Web.UI.WebControls.ServerValidateEventArgs) _
Handles CustomValidator1.ServerValidate
// C#
protected void ValidationFunctionName(object source, ServerValidateEventArgs args)
The source parameter is a reference to the custom validation control raising this event. The property args.Value will contain the user input to validate, and args.IsValid should be set to true if the value is valid, false otherwise.
The following example shows how you can create custom validation. The event handler checks whether the user's entry is eight characters long or longer.
' Visual Basic
Protected Sub TextValidate(ByVal source As System.Object, _
ByVal args As System.Web.UI.WebControls.ServerValidateEventArgs) _
Handles CustomValidator1.ServerValidate
args.IsValid = (args.Value.Length >= 8)
End Sub
// C#
protected void TextValidate(object source, ServerValidateEventArgs args)
{
args.IsValid = (args.Value.Length >= 8);
}
3. Add the OnServerValidate attribute to the validator in HTML view to indicate the name of the validation function.
ControlToValidate="TextBox1"
ErrorMessage="Text must be 8 or more characters.">
4. Add a test in your Web Forms code to check for validity. For details, see Testing Validity Programmatically for ASP.NET Server Controls.
Client-Side Validation
You can also create client-side custom validation. To do so, you specify a function name for the control's ClientValidationFunction property, and create a function in client script that duplicates the logic of the server-side method.
To create custom validation logic on the client
1. Create a validation function on the client side in ECMAScript (JavaScript, JScript).
The following example illustrates custom client-side validation. An excerpt from the page shows a Textbox control referenced by a CustomValidator control. The validation control calls a function called validateLength to make sure that the user has entered at least eight characters into the Textbox control.
function validateLength(oSrc, args)
{ args.IsValid = (args.Value.length >= 8);}
asp:CustomValidator id="CustomValidator1" runat=server
ControlToValidate = "text1"
ErrorMessage = "You must enter 8 Chr"
ClientValidationFunction="validateLength"
asp:CustomValidator
2. Add a test in your Web Forms code to check for validity. For details, see Testing Validity Programmatically for ASP.NET Server Controls.
No comments:
Post a Comment