Programming Microsoft ASP.NET 4 - Dino Esposito [204]
function CheckMembership(source, arguments)
{
// Retrieve the current value of the element
// with the specified ID
var membership = document.getElementById("membership").value;
...
}
Warning
Setting only a client-side validation code opens a security hole because an attacker could work around the validation logic and manage to have invalid or malicious data sent to the server. By defining a server event handler, you have one more chance to validate data before applying changes to the back-end system.
To define a server-side handler for a custom validator, use the ServerValidate event:
void ServerValidation(object source, ServerValidateEventArgs e)
{
...
}
The ServerValidateEventArgs structure contains two properties—IsValid and Value—with the same meaning and goal as in the client validation function. If the control is not bound to a particular input field, the Value property is empty and you retrieve any needed value using the ASP.NET object model. For example, the following code shows how to check the status of a check box on the server:
void ServerValidation (object source, ServerValidateEventArgs e) {
e.IsValid = (CheckBox1.Checked == true);
}
The CustomValidator control is the only option you have to validate controls that are not marked with the [ValidationProperty] attribute—for example, calendars and check-box controls. Likewise, it is the only option you have to validate multiple values and/or multiple controls linked by some relationship. Finally, CustomValidator is also your starting point for building some remote validation via AJAX. The simplest way of doing that is just by using some JavaScript that, from within the bound client validator, calls into a server method. The jQuery library is perfect for the job.
The RegularExpressionValidator Control
Regular expressions are an effective way to ensure that a predictable and well-known sequence of characters form the user’s entry. For example, using regular expressions you can validate the format of postal codes, Social Security numbers, e-mail addresses, phone numbers, and so on. When using the RegularExpressionValidator control, you set the ValidationExpression property with the regular expression, which will be used to validate the input.
The following code snippet shows a regular expression validator that ensures the user’s entry is an e-mail address:
ValidationExpression="[a-zA-Z_0-9.-]+\@[a-zA-Z_0-9.-]+\.\w+" ErrorMessage="Must be a valid email address." /> The regular expression just shown specifies that valid e-mail addresses are formed by two nonzero sequences of letters, digits, dashes, and dots separated by an @ symbol and followed by a dot (.) and an alphabetic string. (This might not be the perfect regular expression for e-mail addresses, but it certainly incorporates the majority of e-mail address formats.) Note The regular expression validation syntax is slightly different on the client than on the server. The RegularExpressionValidator control uses JavaScript regular expressions on the client and the .NET Framework Regex object on the server. Be aware that the JavaScript regular expression syntax is a subset of the Regex model. Whenever possible, try to use the regular expression syntax supported by JavaScript so that the same result is obtained for both the client and server. The RangeValidator Control MinimumValue="2000-1-4" MaximumValue="9999-12-31" Type="Date" ErrorMessage="Must be a date after Jan 1, 1999." /> The key properties
The RangeValidator control lets you verify that a given value falls within a specified range. The type of the values involved in the check is specified dynamically and picked from a short list that includes strings, numbers, and dates. The following code shows how to use a range validator control: