Trust No One


It may seem a bit of a paranoid heading, but it's a fact of life that some people will try to subvert your program, and attempt to hack into your system. There are many ways to prevent this sort of thing, but one that often gets overlooked is that of protecting your data. For example, you should always validate data that is supplied by the user. This not only ensures that the correct type of data is supplied, but also prevents certain forms of hacking.

ASP.NET has made validation fairly simple by the provision of a set of validation controls. These allow you to easily validate data, such as ensuring that data is filled in, or making it fit within certain criteria. Let's look at two of these to show how easy validation can be – we'll look at some of the others in Chapter 7, when we discuss how to prevent errors.

Try It Out—Using the RequiredFieldValidator Control

  1. Create a new ASP.NET Page called Validation.aspx.

  2. Add some text, two TextBoxes and a Button so that the page matches the following:

  3. Drag a RequiredFieldValidator control and drop it to the right of the Name: textbox.

  4. Drag a RangeValidator control and drop it to the right of the Age: textbox.

  5. Drag a ValidationSummary control and drop it below the button:


  6. Select the RequiredFieldValidator and change the following properties:

    Property             Value
    ControlToValidate    TextBox1
    ErrorMessage         You must enter your name
    Text                 Missing name

  7. Select the RangeValidator and change the following properties:

    Property             Value
    ControlToValidate    TextBox2
    ErrorMessage         Age must be between 18 and 75
    Text                 18 – 75
    MaximumValue         75
    MinimumValue         18
    Type                 Integer

    The page should now look like this:

  8. Save the page, run it, and press the button without entering any data:


  9. Add a name, enter 4 for the Age, and press the button again:


  10. Change the Age to 72 and press the button again:


Notice that there is now no error message, which means that the data is valid.

How It Works

Let's first look at the ValidationSummary control, since we didn't change any of its properties. When using validation controls you don't have to have a ValidationSummary control, but doing so allows you to display all of the error messages from invalid controls in a single location. When a page is invalid, the ErrorMessage property from each invalid control is displayed in the summary.

The RequiredFieldValidator ensures that a TextBox has a value entered, and an empty value causes the page to be invalid. The three properties we set were:

  • ControlToValidate – The name of the TextBox control that has to be filled in

  • ErrorMessage – The error message you want displayed in the validation summary

  • Text – The text to display in the location where the validator is placed

If you don't have a validation summary, you can use the Text property to display the error message in line. Otherwise, it's a good idea to put a shortened message inline, or even just use a * to indicate the position of an error.

The RangeValidator uses the same properties as shown above, as well as:

  • MaximumValue – Higher value to check against

  • MinimumValue – Lower value to check against

  • Type – The data type

In our example, we are checking ages, so we want to use whole numbers, and these are known as Integers. You'll find out more about data types in Chapter 5.

That's it for the properties, but what happens when the button is pressed? Well, ASP.NET takes care of this for us. It knows that there are validation controls on the page, and knows which textboxes they are linked to. If any of the content is invalid, the ErrorMessage for each invalid control is displayed in the summary, and the summary is shown.

Checking for Valid Content

One thing that you need to do is ensure that the content of the textboxes is valid before you do any processing. In our example above, we didn't have any code and the validation still took place. If we create code that should run when the button is clicked, then this will always run, whether or not there was valid content. What you have to do is check that the page is valid first, which is easy because there is a simple test:

    Sub Button1_Click(sender As Object, e As EventArgs)
      If Page.IsValid Then
        ' The page is valid, so we can do stuff here
      End If
    End Sub

The Page has an IsValid property, which is available to ASP.NET, and is True if the page content is valid. If the validation controls indicate invalid content, then the IsValid property is False.
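The page built in the steps above, written out as a single Validation.aspx file with the Page.IsValid check in place. This is an added example, not code from the book; Label1, the validator and summary ids, and the button caption are assumptions. The blank-age branch is there because a RangeValidator passes an empty textbox, and only the name has a RequiredFieldValidator.

```aspx
<%@ Page Language="VB" %>
<script runat="server">
    Sub Button1_Click(sender As Object, e As EventArgs)
        ' The validators run again on the server during the postback, and
        ' IsValid reports that server-side result, so a request that skipped
        ' the browser-side checks is still stopped here.
        If Not Page.IsValid Then
            Exit Sub
        End If

        ' RangeValidator treats an empty box as valid, so Age may be blank
        ' even though the page is valid.
        If TextBox2.Text.Trim() = "" Then
            Label1.Text = "Name accepted; no age supplied."
            Exit Sub
        End If

        ' Safe to convert: the RangeValidator has already checked that the
        ' text is an Integer between 18 and 75.
        Dim age As Integer = Integer.Parse(TextBox2.Text)

        ' Encode user-supplied text before writing it back into the page.
        Label1.Text = Server.HtmlEncode(TextBox1.Text) & ", age " & age.ToString()
    End Sub
</script>
<html>
<body>
    <form runat="server">
        Name: <asp:TextBox id="TextBox1" runat="server" />
        <asp:RequiredFieldValidator id="RequiredFieldValidator1" runat="server"
            ControlToValidate="TextBox1"
            ErrorMessage="You must enter your name"
            Text="Missing name" />
        <br />
        Age: <asp:TextBox id="TextBox2" runat="server" />
        <asp:RangeValidator id="RangeValidator1" runat="server"
            ControlToValidate="TextBox2"
            ErrorMessage="Age must be between 18 and 75"
            Text="18 – 75"
            MinimumValue="18" MaximumValue="75" Type="Integer" />
        <br />
        <asp:Button id="Button1" runat="server" Text="Submit" onclick="Button1_Click" />
        <asp:ValidationSummary id="ValidationSummary1" runat="server" />
        <!-- Label1 is a hypothetical output control added for this example -->
        <asp:Label id="Label1" runat="server" />
    </form>
</body>
</html>
```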




Beginning Dynamic Websites: with ASP.NET Web Matrix (Programmer to Programmer)
ISBN: 0764543741
EAN: 2147483647
Year: 2003
Pages: 141
