Validating Data On Web Forms
Validating the information entered by users is an essential part of developing a professional Web-based user interface. Data validation over the Web is performed in one of two locations: on the user's computer, or on the Web server.
Most applications perform their data validation on the user's local computer. In this scenario, if an error occurs while performing validation on the user's computer, the application can directly display the error message on the page that the user is viewing without the page making a round trip to the Web server and then back to the user. This increases performance and reduces traffic over the Web.
In addition, malicious users can subvert the validation process. Users with harmful intent may easily modify the validation script because it is contained in the source of the page that is sent to the user's computer. The malicious user can then submit the modified script to the Web server with results that are different than what you, the developer, intended.
The alternative to processing data validation on the user's computer is to process it on the Web server. The opposite pros and cons that applied to processing data validation on the user's computer apply to processing data validation on the Web server. For instance, since the validation occurs on the Web server, your application must post the Web page that the user is viewing back to the Web server for validation to occur. This decreases performance since the page must make a round trip to the Web server and back to the user's computer if data validation fails. However, when you validate a process on the Web server, you can use any scripting language because the user's Web browser doesn't process the scripting language. Furthermore, the data validation scripts are protected inside the Web server so they are not vulnerable to malicious user modifications.
ASP.NET Validation Controls
In its efforts to improve Web development on the whole, Microsoft included in ASP.NET a set of controls (called the ASP.NET validation controls), which offer an exceptional solution to data validation. ASP.NET comes with five validation controls as well as a summary control.
Validating the information entered by users is an essential part of developing a professional Web-based user interface.
The ASP.NET validation controls use a combination of the benefits of traditional data validation. The ASP.NET data validation controls process data validation on the Web server, but you can also optionally process data validation on the user's computer. Similar to the other ASP.NET Web server controls, your ASP.NET Web application renders the data validation controls on the user's computer as HTML elements based upon the selected TargetSchema property. Hence, if you configure the data validation controls to enable validation on the user's computer, the resulting HTML is browser-specific. More precisely, the rendered HTML uses a script library called WebUIValidation.js and implements Microsoft JScript functionality that is only supported by Microsoft Internet Explorer 4.0 and later versions.
With the above-mentioned restriction in mind, you can configure the ASP.NET data validation controls to enable validation on the user's computer in most cases without any negative impact on Web browsers that do not support the scripting functionality. If you choose to support validation on the user's computer, performance will increase slightly. However, to reiterate, validation will always be performed on the Web server in order to offer validation to Web browsers that do not support the client-side scripting as well as protect against the possibility of modified validation scripts.
All of the data validation controls are displayed in the toolbox when ASP.NET displays a Web form or Web user control in design view in Visual Studio .NET. You can also (directly in HTML or programmatically) add data validation controls to Web forms and Web user controls. The data validation controls are shown in Figure 1 as they appear in the Visual Studio .NET Toolbox.
Figure 1. The ASP.NET Data Validation controls as they appear in the Visual Studio .NET Toolbox
By: Shannon A Horn
Shannon Horn is the co-founder and chief software architect of WebGeniuses Corporation (http://www.webgeniuses.com). He is a Microsoft Certified Application Developer (MCAD), Microsoft Certified Solution Developer (MCSD) and a Microsoft Certified Trainer (MCT) who has been developing Microsoft Windows and Web-based solutions as well as training for over 12 years. He has been a featured speaker at many industry events including Microsoft DevDays and the ASP.NET and Web Services Solutions conference produced by asp.netPRO. He is a published author on several subjects including XML, the migration from Visual Basic 6 to VB.NET, JScript.NET, C#, and ASP.NET.
Shannon speaks and trains for companies such as AppDev (http://www.appdev.com) and LearnIt (http://www.learnit.com) and has been a featured speaker in training videos with LearnKey. He has also worked with large corporate clients including Microsoft, Universal Studios, MGM Studios, Monster.com/FlipDog.com, Intel, Polygram Pictures, Prudential, Micro Accounting Systems, Sky Harbor International Airport, and Southern Automated Systems on projects using Microsoft technologies such as Visual FoxPro, Visual Studio.NET, C#, ADO.NET, and ASP.NET. Shannon lives in Glendale, AZ, and is married with two daughters and a son.
There are five validation controls included with ASP.NET as well as a summary control. Data validation with the ASP.NET validation controls is always processed on the Web server and can also optionally be processed on the user's computer.