CoverStory
LANGUAGES: VB.NET
ASP.NET VERSIONS: 1.1 | 2.0
Input Validation
Using the Validation Controls in ASP.NET
By Wei-Meng Lee
One of the first lessons a developer learns is the concept of Garbage In, Garbage Out (GIGO). If a user enters invalid data into your application, they can expect the output to be garbage, as well. While this term has been around for a long time, in today s applications you simply cannot afford to have users enter garbage into your applications. As the developer, you must stop them before your application starts to process it. This process is known as input validation.
In this article, I ll show you how to use the validation controls in ASP.NET, and, in particular, how the validation controls have been improved in ASP.NET 2.0.
Basic Validation Controls
To see how the validation controls work, let s create a new Web site project using Visual Studio 2005. Name the Web site C:\ValidationControls.
In this section, you ll see how to use the following basic validation controls:
- RequiredFieldValidator (for ensuring a specified control has a value)
- CompareValidator (for comparing the values of two controls)
- RegularExpressionValidator (for ensuring that a control has a value matching a specified pattern)
- RangeValidator (for checking that the value of a control is within a specified range)
In the Default.aspx page, first insert a 4 x 7 table (Layout | Insert Table). Populate the form with the various controls (Label, TextBox, RequiredFieldValidator, CompareValidator, RegularExpressionValidator, and RangeValidator) and name them as shown in Figure 1. Next, set the properties of the controls as listed in Figure 2. Default.aspx should look like Figure 3.
Figure 1: Populating the
Default.aspx page with the various controls.
Control Name |
Property |
Value |
TextBox1 |
TextMode |
Password |
TextBox2 |
TextMode |
Password |
Button1 |
Text |
Submit |
RequiredFieldValidator1 |
ControlToValidate |
TextBox1 |
ErrorMessage |
User ID required |
|
RequiredFieldValidator2 |
ControlToValidate |
TextBox2 |
ErrorMessage |
Name required |
|
RequiredFieldValidator3 |
ControlToValidate |
TextBox3 |
ErrorMessage |
Password required |
|
RequiredFieldValidator4 |
ControlToValidate |
TextBox5 |
ErrorMessage |
E-mail required |
|
RequiredFieldValidator5 |
ControlToValidate |
TextBox6 |
ErrorMessage |
Please enter your age |
|
CompareValidator1 |
ControlToCompare |
TextBox3 |
ControlToValidate |
TextBox4 |
|
Operator |
Equal |
|
ErrorMessage |
Passwords do not match |
|
RegularExpressionValidator1 |
ControlToValidate |
TextBox5 |
ErrorMessage |
Incorrect email address |
|
ValidationExpression |
\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)* |
|
RangeValidator1 |
ControlToValidate |
TextBox6 |
ErrorMessage |
Invalid age range |
|
MaximumValue |
60 |
|
MinimumValue |
18 |
Figure 2: The values of the various control properties.
Figure 3: Default.aspx after setting
the various control properties.
To see how the various validation controls work, press F5 to debug the Web application. Try clicking the Submit button without filling in the TextBox controls. You ll see the error messages displayed next to each TextBox control. Also, when you enter the password in both TextBox controls, they must be identical or else an error message is displayed. E-mail entered must also be in the valid format. Lastly, the age entered must be within 18 to 60. Figure 4 shows some of the error messages displayed.
Figure 4: Testing the application.
If you examine each of the validation controls, you ll find that, by default, the EnableClientScript property is set to True. This indicates that the validation control should perform its validation on the client side if the Web browser supports it. The beauty of the validation controls is that ASP.NET will automatically generate the client-side JavaScript to perform the validation; there is no need for you to write JavaScript code.
Setting the EnableClientScript property to True helps validate the data on the client side, and helps ensure that all the data posted to the server is always valid. However, this is not always the case. If the Web browser does not support client scripting (or, most likely, the user has disabled client scripting), then un-validated data will still be posted back to the server side. In this case, you must validate the data before proceeding further. This can be done by calling the Validate method of the Page class on the server, then checking the IsValid property. Extending the example above, double-click the Submit button and code the event handler as shown in Figure 5.
Protected Sub Button1_Click( _
ByVal sender As Object, _
ByVal e As System.EventArgs) _
Handles Button1.Click
Page.Validate()
If Page.IsValid Then
'---continue with the processing---
Else
'---print the error message for each control---
Dim errorMessage As String = String.Empty
For Each validator As IValidator In Page.Validators
If Not validator.IsValid Then
errorMessage +=
"
" & validator.ErrorMessage
End If
Next
Response.Write(errorMessage)
End If
End Sub
Figure 5: Extending the validation example.
In the block of code shown in Figure 5, I first call the Validate method to force all the validation controls to perform their validation. Then, I check to see if the data submitted is valid. If any one of the validation controls fails, I ll loop through all the validation controls on the page and print their respective error message.
ValidationSummary Control
In addition to the basic validation controls demonstrated in the last section, there is also a control known as the ValidationSummary control. The ValidationSummary control presents a summary of all the validation errors that have occurred on a form. Perform the following steps to see how the ValidationSummary control works.
Add a ValidationSummary control to the form (see Figure 6). Set the Text property of each validation control to * . The Web form should now look like that shown in Figure 7. Press F5 to test the application. Leave all the fields empty and click the Submit button. You should see the output as shown in Figure 8.
Figure 6: Using the
ValidationSummary control.
Figure 7: Setting the Text property
of each validation control.
Figure 8: The ValidationSummary
control in action.
As you can (hopefully) deduce:
- If the Text property of the validation control is empty, the text in the ErrorMessage property will be used as the error message for the validation control.
- If the Text property of the validation control is set, the text will then be used as the error message of the validation control. The text set in the ErrorMessage property will be used by the ValidationSummary control.
One interesting feature of the ValidationSummary control is its ability to display a message box on the client side (Web browser). To do so, set its ShowMessageBox property to True. You can also turn off the display of the error message on the page itself by setting the ShowSummary property to False. Figure 9 shows the ValidationSummary control displaying a message box on the client side.
Figure 9: Displaying an error
message on the client side.
Validation Group
In ASP.NET 1.x, all controls in a single page are validated together. For example, suppose you have a Search button and a Get Title button, as shown in Figure 10. If you use a RequiredFieldValidator validation control on the ISBN textbox, then clicking the Search button will not result in a postback if the ISBN textbox is empty. This is because the entire page is invalidated as long as one control fails the validation.
Figure 10: Multiple forms on a page.
In ASP.NET 2.0, group validation allows controls in a page to be grouped logically so that a postback in one group is not dependent on another. The best way to explore this new feature is to create a form with multiple postback controls, add a validator control to one of them, then assign each control to a separate group.
Using Visual Studio 2005, create a new Web site project and name the project C:\ValidationGroup. Populate the default Web Form with the Panel, TextBox, and Button controls shown in Figure 11.
Figure 11: A page with multiple
controls.
In the top panel (Panel control 1), you ll configure the Search button to post the search string to the server, which in turn will redirect to Google s site. To do so, double-click on the Search button (btnSearch) and enter the following code in the code-behind to redirect the search string to Google s site:
Sub btnSearch_Click(ByVal sender As Object, _
ByVal e As System.EventArgs) _
Handles btnSearch.Click
Dim queryStr As String = _
HttpUtility.UrlEncode(txtSearch.Text)
Response.Redirect("http://www.google.com/search?q=" _
& queryStr)
End Sub
The TextBox control contained in the bottom panel (Panel control 2) will take in an ISBN and perhaps perform some processing (such as retrieve details of a book from Amazon.com). Next, associate the RequiredFieldValidator control with the ISBN textbox (you can configure it in Source View):
ID="RequiredFieldValidator1"
Runat="server" ErrorMessage="RequiredFieldValidator" ControlToValidate="txtISBN" SetFocusOnError="True"> ISBN required
To divide the controls into two separate validation groups, switch to Source View and use the ValidationGroup attribute, as highlighted in bold in the code sample shown in Figure 12.
...
Width="320px"
Height="22px">
Text="Search" ValidationGroup="SearchGroup"
/> ... Width="212px"
Height="22px"> Text="Get
Title" ValidationGroup="BooksGroup" /> Runat="server" ErrorMessage="RequiredFieldValidator" ControlToValidate="txtISBN" ValidationGroup="BooksGroup">ISBN required ... Figure 12: Use the
ValidationGroup attribute to divide the controls into two separate validation
groups. The Search button is assigned the SearchGroup validation group
while the Get Title button and the RequiredFieldValidator are assigned to the
BooksGroup validation group. Press F5 to test the application. Now you can
click the Search and Get Title buttons independently of each other. Note that controls
that don t set the ValidationGroup attribute belong to the default group, thus
maintaining backward compatibility with ASP.NET 1.x. You ve seen how the validation controls in ASP.NET 1.1 and
2.0 work. You ve also seen how the validation controls can be made to work on
the server side if client-side scripting has been disabled. In any case, proper
validation of user input data is crucial to ensuring the security and proper
working of your Web application. If you ve not taken the task of user input
validation seriously, now is the time to do so. The sample code
accompanying this article is available for download. Wei-Meng Lee (http://weimenglee.blogspot.com)
is a technologist and founder of Developer Learning Solutions, a technology
company specializing in hands-on training on the latest Microsoft technologies.
Wei-Meng speaks regularly at international conferences and has authored and co-authored
numerous books on .NET, XML, and wireless technologies, including ASP.NET 2.0: A Developer s Notebook and Visual Basic 2005 Jumpstart (both from O Reilly
Media, Inc.). Wei-Meng also is a Microsoft MVP. Conclusion