In this article, I explain the concept of input validation, its types in ASP.NET, and how to implement them in your application.
Whenever an application expects user input, it is important to ensure the validity of the data the user enters. Some data may be mandatory for the user to enter. Some data has to be in a particular format, for example an email ID. Some data has to fall within a range, for example a date input.
In all of these scenarios, if we take the user input without validation, chances are that we will end up with wrong data (perhaps in the database). If it is a bad day for us, our application might also behave in an unexpected manner and even crash (for example, if we try to convert a non-numeric string to int). In the worst case, the user will use the input field to perform SQL injection and cause serious damage to our database. So it is always a good idea to have validation in place whenever we take input from the user.
Types of Validation
There are two ways we can perform validation:
· Client side validation
· Server side validation
Client Side Validation
Client side validation happens in the user's browser, before the data gets posted back to the server. It is a good idea to have client side validation because the user learns immediately what needs to be changed, i.e., no trips to the server are made. From the user's point of view, it gives a fast response, and from the developer's point of view, it saves valuable server resources.
Server Side Validation
Server side validation occurs at the server. Its benefit is that if the user somehow bypasses the client side validation (accidentally or deliberately), we can still catch the problem on the server side. So having server side validation provides more security and ensures that no invalid data gets processed by the application.
Validation Controls in ASP.NET
The validation controls provided by ASP.NET are:
1. RequiredFieldValidator
2. CompareValidator
3. RangeValidator
4. RegularExpressionValidator
5. CustomValidator
RequiredFieldValidator
This validation control is used when user input is mandatory for a particular field. Say we have a simple form with a name field that must not be empty. We add a RequiredFieldValidator to the page, set its ControlToValidate to the ID of the name input field, and set its ErrorMessage property.
CompareValidator
This control compares the value of its ControlToValidate with the value of its ControlToCompare, using a comparison operator. As a hypothetical scenario, say we want the same name to be entered twice.
RangeValidator
When we want to ensure that the value entered by the user is in some predefined range, we can use this control. Let us add it to our page and use it to validate the age of the user. We are saying the valid age is between 18 and 50.
RegularExpressionValidator
RegularExpressionValidator comes in handy when we want input data to be in a specific format. Let us do that on our page by asking the user for an email ID and using the RegularExpressionValidator to validate its format.
CustomValidator
If, with all these validation controls provided by ASP.NET, we still find a scenario that needs customized validation behavior, we can use the CustomValidator control. Let us use this control to perform custom client side as well as server side validation. We will check for the '-' character in the user input and reject the input if '-' is present in any field (assuming a SQL injection attempt).
Example
Step 1:-
Design a web form as shown below:
WebForm1.aspx
|
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="WebForm1.aspx.cs" Inherits="InputValidationWebApplication.WebForm1" %>
<html>
<head runat="server">
    <title></title>
    <script type="text/javascript">
        // Client-side check used by CustomValidator1: reject any value containing '-'.
        function validateName(source, arguments) {
            if (arguments.Value.search('-') != -1) {
                arguments.IsValid = false;
            }
        }
    </script>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        <table>
            <tr>
                <td>Name</td>
                <td>
                    <asp:TextBox ID="txtName" runat="server"></asp:TextBox>
                    <asp:RequiredFieldValidator ID="RequiredFieldValidator1" runat="server"
                        ErrorMessage="Enter Name" ControlToValidate="txtName"
                        Display="Dynamic"></asp:RequiredFieldValidator>
                    <asp:CustomValidator ID="CustomValidator1" runat="server"
                        ErrorMessage="'-' is not allowed" ControlToValidate="txtName"
                        Display="Dynamic"
                        ClientValidationFunction="validateName"></asp:CustomValidator>
                </td>
            </tr>
            <tr>
                <td>Name Again</td>
                <td>
                    <asp:TextBox ID="txtNameAgain" runat="server"></asp:TextBox>
                    <asp:RequiredFieldValidator ID="RequiredFieldValidator2" runat="server"
                        ErrorMessage="Enter Name" ControlToValidate="txtNameAgain"
                        Display="Dynamic"></asp:RequiredFieldValidator>
                    <asp:CompareValidator ID="CompareValidator1" runat="server"
                        ErrorMessage="Name should be same in both the fields"
                        ControlToValidate="txtNameAgain" ControlToCompare="txtName"
                        Display="Dynamic"></asp:CompareValidator>
                </td>
            </tr>
            <tr>
                <td>Age</td>
                <td>
                    <asp:TextBox ID="txtAge" runat="server"></asp:TextBox>
                    <asp:RequiredFieldValidator ID="RequiredFieldValidator3" runat="server"
                        ErrorMessage="Enter Age" ControlToValidate="txtAge"
                        Display="Dynamic"></asp:RequiredFieldValidator>
                    <%-- Type="Integer" makes the range check numeric; the default Type is String. --%>
                    <asp:RangeValidator ID="RangeValidator1" runat="server"
                        ErrorMessage="Age should be between 18 to 50"
                        ControlToValidate="txtAge" Display="Dynamic" Type="Integer"
                        MinimumValue="18" MaximumValue="50"></asp:RangeValidator>
                </td>
            </tr>
            <tr>
                <td>Email ID</td>
                <td>
                    <asp:TextBox ID="txtEmail" runat="server"></asp:TextBox>
                    <asp:RequiredFieldValidator ID="RequiredFieldValidator4" runat="server"
                        ErrorMessage="Enter Email ID" ControlToValidate="txtEmail"
                        Display="Dynamic"></asp:RequiredFieldValidator>
                    <asp:RegularExpressionValidator ID="RegularExpressionValidator1" runat="server"
                        ErrorMessage="Invalid Format for Email" ControlToValidate="txtEmail"
                        ValidationExpression="^([0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])*@([0-9a-zA-Z][-\w]*[0-9a-zA-Z]\.)+[a-zA-Z]{2,9})$"
                        Display="Dynamic"></asp:RegularExpressionValidator>
                </td>
            </tr>
            <tr>
                <td></td>
                <td>
                    <asp:Button ID="btnSubmit" runat="server" Text="Submit" OnClick="btnSubmit_Click" />
                </td>
            </tr>
        </table>
        <br />
        <asp:Label ID="lblName" runat="server"></asp:Label>
        <br />
        <asp:Label ID="lblAge" runat="server"></asp:Label>
        <br />
        <asp:Label ID="lblEmail" runat="server"></asp:Label>
    </div>
    </form>
</body>
</html>
|
WebForm1.aspx.cs
|
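using System;

namespace InputValidationWebApplication
{
    public partial class WebForm1 : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
        }

        protected void btnSubmit_Click(object sender, EventArgs e)
        {
            // The validators run again on the server during the postback, but this
            // handler is still called when they fail, so check the result first.
            if (!Page.IsValid)
            {
                return;
            }

            // Echo the submitted values; Label.Text is rendered as raw markup, so encode it.
            lblName.Text = Server.HtmlEncode(txtName.Text);
            lblAge.Text = Server.HtmlEncode(txtAge.Text);
            lblEmail.Text = Server.HtmlEncode(txtEmail.Text);

            // Clear the form for the next entry.
            txtName.Text = "";
            txtNameAgain.Text = "";
            txtAge.Text = "";
            txtEmail.Text = "";
        }
    }
}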
|
Step 2:-
Run the application
If you do not enter any values and click the Submit button, you will get the "Enter ..." error messages. This is the work of the RequiredFieldValidator controls.
If you enter a hyphen (-) in the name field, you will get an error. This is the work of the CustomValidator control.
If the names in the two fields do not match, you will get an error. This is the work of the CompareValidator control.
If the age is not in the range 18 to 50, you will get an error. This is the work of the RangeValidator control.
If the email ID is not in a valid format, you will get an error. This is the work of the RegularExpressionValidator control.
If all the values are filled in correctly, the submitted values are displayed below the form.
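The CustomValidator in the markup above sets only ClientValidationFunction, so its '-' check runs in the browser alone and is skipped by any client that does not run the script. The following is an added example, not code from the original article: a variant of WebForm1.aspx.cs with the matching server-side handler (attach it with OnServerValidate="CustomValidator1_ServerValidate" on CustomValidator1) and a parameterized insert, which keeps input out of the SQL text whatever characters it contains. The connection string name AppDb and the table dbo.Users are assumed placeholders.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web.UI.WebControls;

namespace InputValidationWebApplication
{
    public partial class WebForm1 : System.Web.UI.Page
    {
        // Server-side twin of validateName(); runs on every postback,
        // including requests from clients that never ran the script.
        protected void CustomValidator1_ServerValidate(object source, ServerValidateEventArgs args)
        {
            args.IsValid = args.Value.IndexOf('-') < 0;
        }

        protected void btnSubmit_Click(object sender, EventArgs e)
        {
            // The click handler fires even when a validator failed.
            if (!Page.IsValid) return;

            // Parse instead of trusting that the RangeValidator saw a number.
            int age;
            if (!int.TryParse(txtAge.Text, out age)) return;

            // Assumption: "AppDb" and dbo.Users are placeholders for this sketch.
            string cs = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;
            const string sql =
                "INSERT INTO dbo.Users (Name, Age, Email) VALUES (@name, @age, @email)";

            using (var conn = new SqlConnection(cs))
            using (var cmd = new SqlCommand(sql, conn))
            {
                // Values travel as typed parameters and are never concatenated
                // into the statement, so quotes or '-' in a name stay data.
                cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = txtName.Text;
                cmd.Parameters.Add("@age", SqlDbType.Int).Value = age;
                cmd.Parameters.Add("@email", SqlDbType.NVarChar, 254).Value = txtEmail.Text;
                conn.Open();
                cmd.ExecuteNonQuery();
            }
        }
    }
}
```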