The Barnes & Noble Review
With ASP, Microsoft delivered an easy, powerful solution for creating dynamic web applications and pages -- and developers responded enthusiastically. Now, Microsoft is reinventing ASP as part of its .NET framework -- and, as Scott Mitchell puts it, "writing ASP.NET pages is an entirely different experience." The transition is likely to be worth the pain. ASP.NET pages are compiled, supercharging performance; the ASP.NET data caching module helps you eliminate pesky data access bottlenecks; ADO+ is way easier to use; apps are easier to deploy; and on, and on.
In ASP.NET: Tips, Tutorials, and Code, Mitchell organizes a team of ASP experts to probe every nook and cranny of ASP.NET. If you're an experienced ASP developer, this book -- based on the feature-complete ASP.NET Beta 2 -- will give you a great headstart on your next-generation web development projects.
Mitchell's team covers everything from form field input validation to error handling, data presentation to XML support. You'll find chapters on debugging; deployment and configuration; security; performance optimization; and separating code from content. You'll also find plenty of code -- mostly VB.NET, some C#, all of it on the CD-ROM, along with the complete ASP.NET beta it's based on.(Bill Camarda)
--Bill Camarda is a consultant, writer, and web/multimedia content developer with nearly 20 years' experience in helping technology companies deploy and market advanced products and services. He served for nearly ten years as vice president of a New Jersey-based marketing company, where he supervised a wide range of graphics and web design projects. His 15 books include Special Edition Using Word 2000.
Read an Excerpt
Chapter 3: Form Field Input Validation
In this chapter you will learn
If you're reading this book, you've no doubt created HTML forms to collect information
from the users visiting your Web site. For example, if you want to create a form for a user
to send feedback to the Webmaster, you might create a form with two text boxes: one for
the user's email address (so the Webmaster can reply to the user's feedback), and another for
the user's comments.
- How to use the
- How to use the CompareValidator
- How to use the RangeValidator
- How to use the
- How to use the CustomValidator
- How to use the
Unfortunately, HTML controls provide no sort of inherent data validation. That is, when you
create a text box with the following code, the user can enter any sort of value, from something
valid (such as Mitchell@ASP.NET) to something nonsensical (such as 76!r.2):
Enter your Email Address:<input type="text" name=="txtEmail">
With classic ASP, the developer would have had to create some sort of form-validation routine
to ensure that the email address text box contains a valid email address.
The process of creating form-validation routines for every form on a Web site is both tiresome
and error prone. Because no form-validation library shipped with classic ASP, developers were
on their own to create their form-validation functions.
Fortunately, with ASP.NET, form validation is a breeze. ASP.NET pages can include validation
controls, which are Web controls used to ensure that the entered values in form fields meet
developer-defined criteria. In this chapter we will look at how to use these incredibly useful
1. Validating Form Field Input with ASP.NET's Validation Controls
To help with form validation, ASP.NET ships with five validation controls (and a
ValidationSummary control). Over the next six sections, we'll examine these five controls and
the ValidationSummary control, looking at how they can be used to provide extensive form
validation with just a few lines of code!
Before we delve into the validation controls, let's take a step back and look at fundamentals of
form validation. Form validation can take one of two forms:
on the client's Web browser. This code is usually executed when the user attempts to
submit a form: If the form fields are valid, the form submits; otherwise, the user is usually
shown some message regarding his invalid form information. The nice thing about client-side
form validation is that it executes entirely on the client's machine and doesn't require a
roundtrip to the Web server. It can be used, then, to quickly detect any validation errors and
alert the user of such errors. Client-side form validation has its downsides, though. For
Some older browsers don't have this feature, and some Web surfers explicitly turn off
- Client-side form validation
- Server-side form validation
Server-side form validation, on the other hand, takes place after the user submits the form but
before any action is done on the submitted data. The main advantage of server-side form vali-dation
is that it will work regardless of the user's browser or browser configuration.
Additionally, clever visitors can easily bypass any sort of client-side form validation. With
server-side form validation, however, it is impossible for users to circumvent the validation
When developing forms in classic ASP, developers were highly encouraged to use both client-side
and server-side form validation because both have advantages. In my experiences, I found
that most classic ASP developers just used server-side form validation (if any form validation at
all). Using just client-side form validation should be avoided unless your Web application will
be used in an environment where you know none of the users to be malicious and you are certain
that they are all using modern browsers with client-side scripting features enabled.
The ASP.NET validation controls always use server-side form validation. However, if the user's
browser can support DHTML features, client-side form validation is automatically included as
You can explicitly specify that the validation controls should never use client-side form validation
on a page-by-page basis. Simply set the ClientTarget property to Downlevel using the
@Page directive at the top of your ASP.NET page:
<%@Page ClientTarget="Downlevel " %%>
This will cause all the validation controls on the Web page to not use client-side form validation,
regardless of the visitor's browser. Unfortunately you cannot specify client-side form validation
on a validation control–by–validation control basis.
Again, regardless of whether client-side form validation is used, server-side form validation will
always be employed by the ASP.NET validation controls.
2. Using the RequiredFieldValidator Control
The RequiredFieldValidator control, as its name implies, is useful when you have a form
field that the user must enter before she can successfully submit the form.
There are many situations in which a form field requires an entry before processing can continue.
For example, many Web sites have a “members-only" area, where a visitor must supply
his username and password to proceed to a particular area of the Web site. With such a login
form, both the username and password fields would be required fields. Listing 3.2.1 contains
the code for an ASP.NET page that, when first loaded, presents the user with two text boxes for
her username and password.
Listing 3.2.1 Using a RequiredFieldValidator Control Ensures That the User Enters a Value
for a Form Field
1:<script language="vb " runat=="server ">
2:Sub Page_Load(sender as Object,e as EventArgs)
3:If Page.IsPostBack then
4:‘ The User has submitted the form..Is it valid?
5:If Page.IsValid then
6:‘ Yes it is,,check to make sure password/username are valid
7:‘ Then do whatever you intended on doing if they're login
8:‘ credentials were ((or were not)valid.
10:‘ The page is not valid,,meaning they either didn't enter
11:‘ the username or password
12:Response.Write(“You must enter both the username and password.")
20:<form method="post " runat=="server ">
22:<asp:textbox runat="server " id=="txtUserName " //>
23:<!--Create a RequiredFieldValidator Control for txtUserName -->
24:<asp:RequiredFieldValidator runat="server "
25:id="reqUserName " ControlToValidate=="txtUserName "
27:Enter your UserName!
31:<asp:textbox runat="server " id=="txtPassword " TextMode=="Password " //>
32:<!--Create a RequiredFieldValidator Control for txtPassword -->
33:<asp:RequiredFieldValidator runat="server "
34:id="reqPassword " ControlToValidate=="txtPassword "
36:Enter your Password!
39:<p><asp:button runat="server " id=="btnSubmit " Text=="Login!" //>
Let's begin our examination of Listing 3.2.1 at line 18, where the HTML section begins. On
line 20, a postback form is created. On line 22, a text box, txtUserName, is created for the visi-tor
to enter her username into. Next, a RequiredFieldValidator control is created (lines 24