0

Hi I'm running into a bit of an issue. I have a form on a webpage that uses a bunch of HTML controls (text boxes, check boxes, drop downs, etc...). I'm going to to add the data entered into a database, but it needs to be validated first. I much prefer to have the validation done on the client side because it's cleaner. So is it possible to do all the error checking n' such with JavaScript, then when it's all checked out, send a true or false value to the server side code so it knows to start processing it?

As of now I've been doing my JavaScript validation, and then mimicking it with the ASP.NET code. It works, but there has to be a better way.

Thanks in advance

Vandel212
  • 1,074
  • 1
  • 13
  • 28
  • Having a global variable like isValid which is set to false, and on the form postback check it and return false. if (!isValid) return false; That way your JavaScript can set that variable to true once it verifies all fields are valid. – trnelson Jun 19 '13 at 14:32
  • 1
    You should be able to prevent the data being submitted to the server by returning false from the submit button event handler if the values are invalid. – Rob Willis Jun 19 '13 at 14:33
  • 1
    You should have validation in both places. Once for the user (client side), once for data integrity (server side). Nothing you're doing really sounds wrong. – Mike Robinson Jun 19 '13 at 14:33
  • 2
    "So is it possible to do all the error checking n' such with JavaScript, then when it's all checked out, send a true or false value to the server side code so it knows to start processing it?" — That's silly. Just wait until the JS validation is complete before sending the data. (And as mentioned above, that won't be sufficient). – Quentin Jun 19 '13 at 14:33
  • 1
    I would convert the controls over to asp.net controls and add the built in validators. They work on both client and server side. And you should be validating both before entering anything int a database. – Smeegs Jun 19 '13 at 14:35
  • I agree with @Javalsu for sure. Hadn't noticed this was ASP.NET but yes, definitely look into using the .NET validation controls. – trnelson Jun 19 '13 at 14:40

2 Answers2

1

When it comes to deciding where to perform validation, there are two options:

  • on the server
  • on the server and the client

Performing validation only on the client is not a safe option, because you cannot trust the client. What if a user has javascript disabled, so your client-side validation never runs? Now your server is blindly accepting potentially-bad data. What if a user saves your webform to disk, changes it to remove the validation, then submits using their modified version? Your server is blindly accepting potentially-bad data.

Client-side-only validation will end up costing you - don't go down that route.

Chris
  • 4,661
  • 1
  • 23
  • 25
0

Until you choose to use ASP.NET MVC which is elegant and a "better way" to build applications with sexy attribute based validation, you are out of luck. You have to check the data on the server.

Remember,

Never ever trust the data from the user.

Even though most of your users will be good old ted, but there are smart, evil people out there who will try to hack your shiny site. Apart from that people will laugh at you if they find that you do not validate data on the server.

To save you from such insult, validate your data on the server.

Ashwin Singh
  • 7,197
  • 4
  • 36
  • 55