Opinion on validating a WebForm

[Guest]

i would like the comunity's opinion on validating a Webform. I was wondering
should i validate data that the user enters on a Webform via a Backend
process like SQL Server 2000 or should I use Javascript to validate the data?
Or is there another option such as creating .neT classes?

I can use Javascript files to validate the data. If I use this method I
eliminate of having to go to the server, validate the data, then come back
and redraw the screen.

if I use SQL Server 2000, I can validate the data, but if there is an error
in the code I can fix the problem without installing anything and the fix
will be instantaneuos.

If I use .NET classes, i do not know if there is a benefit there...

so if anyone can give me some opinion on what direction I should go, and
what the industry really recomends i would greatly appreciate it...

Thanks in advance

 

[Guest]

Hello Angel,

The answer to your question depends on your application. All of those
methods apply in general.

There are certain cases when you want to use client side scripting to
validate a control. That is when no heavy data processing is being done and
you don't want to make a round-trip to the server just to, say, check if a
field is missing.

If more processing needs to be done, for example if you need to check user
preferences or privileges based on input, you might want to make the
round-trip.

Finally, if there are data-relational issues to worry about, you might want
to employ a SQL trigger. That is, if you have concurrency fears such as for
example an item having already been purchased, then you employ a trigger.

Just for the record, the first two options I mentioned can be done using the
same controls, i.e. WebForm validation controls. They will automatically
handle client side scripting (at least the basics). The third option requires
triggers.

Keep in mind that for a more advanced application all three options should
be employed, again, depending on your needs.

I hope that helps. Regards,
-Visar

 

[Scott Allen]

Hi Angel:

See comments in-line.

i would like the comunity's opinion on validating a Webform. I was wondering
should i validate data that the user enters on a Webform via a Backend
process like SQL Server 2000 or should I use Javascript to validate the data?
Or is there another option such as creating .neT classes?

In an ideal world you'll validate data at all three points. In the
database you can use constraints to ensure the integrity of your data
at the lowest level.
http://odetocode.com/Articles/79.aspx

I can use Javascript files to validate the data. If I use this method I
eliminate of having to go to the server, validate the data, then come back
and redraw the screen.

You *always* have to validate on the server. Never trust any data
coming from the client. They might disable scripting or write a
malicious piece of software to get around the checks.

if I use SQL Server 2000, I can validate the data, but if there is an error
in the code I can fix the problem without installing anything and the fix
will be instantaneuos.

If I use .NET classes, i do not know if there is a benefit there...

For one, you could have the client side and server side validation
logic packaged into one neat control.
http://odetocode.com/Articles/264.aspx

HTH,

 

[Ken Dopierala Jr.]

Hi,

Many of the projects I work on require the user to have Javascript enabled.
So I do most of my data syntax validation on the client. If some of your
users don't have Javascript enabled then you will need to validate the
syntax on both the client and the server. By syntax I mean the required
fields are filled in, phone number and email are in the proper format and
etc. I then use a class I create to load this data, the class itself has a
validation method and it sends itself to another class that holds business
logic rules. This class then does validation I can't do on the client, for
example making sure a city or state actually resides in the zip code given
and etc. Once my data passes this test it then sends itself to the data
access layer which is just another class. This class may or may not do
additional validation. I try to make it as lean as possible so it's only
real function should be to send the data to SQL Server. I then rely on my
SQL Server design to validate that all constraints are met. If they are the
data is saved and everything is good to go. If not, the data access layer
catches the SQL exception and throws its own and everything is then shifted
to a set of classes that handle errors and provides the correct response
back to the client. Good luck! Ken.

 

[Tampa.NET Koder]

Well, javascript is fine. However, what if I don't have Javascript enabled
(for whatever reason that may be), then what? BTW, you could use the aspnet
validation controls to do the validation for you. When you design your
database, you do simple validation in your initial design like not allowing
nulls and field width validation. You may also create a class that would
act as you business layer to enforce some server side validation. These are
just some things to think about

 

[Steve C. Orr [MVP, MCSD]]

Ideally you'd validate both on the client and on the server.
The built in ASP.NET validation controls do this automatically, so I'd
suggest you make use of them.

Here's more info:
http://www.aspnetpro.com/features/2005/03/asp200503so_f/asp200503so_f.asp