What is the best way to use validation on your site when I want to give people client side "helper" validation such as password not long enough, email is incorrect format but also do server side validation and return errors such as username already exists and have both client and server validation messages visually be displayed the same to the user with the minimal amount of duplication.
+6
A:
Client validation can be circumvented easily. You should always validate sensitive data on server, regardless of client validation. Validating them on client too is just a matter of improved user experience.
BTW, ASP.NET validation controls do both.
Mehrdad Afshari
2009-05-12 11:32:37
A:
You cannot be sure if anything like client-side validation really occurred. If javascript is not available on client side (no-script or disabled JavaScript) it never runs. On post back before any further processing you should call validate method on page using following code:
if(!IsValid)
{
//inform your user about error(s)
return;
}
//do further processing
if you have validation groups then you can call validate method with group name:
if!(Validate("groupName"))
{
//inform your user about error(s)
return;
}
//do further processing
TheVillageIdiot
2009-05-12 11:39:11
Validate function of page does not return any bool value .
odiseh
2009-08-25 10:38:00
+1
A:
The best hybrid solution is generally to centralize your validation server-side and rely on client-side calls to the server-side stuff. This has a number of advantages:
- You'll only write validation code once, on the server.
- Client-side validation can be circumvented, but it doesn't matter; the server is checking everything anyway.
- You get an improved user experience at no or little additional development cost.
The primary disadvantage is that you pay twice as much for validation processing, but that's not too harsh.
John Feminella
2009-05-12 11:41:28
how would you best implement server side validation of "email address format is incorrect" calling from the clientside on blur for example per control (so not having an updatepanel and posting all the form fields back)
monkeylee
2009-05-12 11:47:55
A:
The best way would be to use the ASP.NET validation controls to present the simple 'hints' as the client (as mentioned by Mehrdad these will provide client and server side validation) and then use CustomValidators for the elements that need server interactions such as verifying usernames, etc.
Lazarus
2009-05-12 11:44:02
applying that concept you would need to validate that client side 'hint' validation on the server as well and results in the same issue I commented on John Feminella answer. humm...
monkeylee
2009-05-12 12:14:05
The client-side validation will happen on blur, the server-side will be a back up validation on submit so you don't need to worry about the server-side validation until that time. The client-side gives you the 'hint' validation as it's circumventable, the server-side will only validate at submit so is the final gatekeeper which is why that is where you will also have the custom validations that need server resources to complete. I wouldn't use server-side calls from client-side validatation at all, no point, it's still insecure as there's no reason that can't be bypassed and just submitted.
Lazarus
2009-05-13 12:02:47