ASP.NET Web窗体验证控件是服务器端还是客户端验证? [英] ASP.NET Web Forms Validation Controls are Server-Side or Client-Side Validation?
本文介绍了ASP.NET Web窗体验证控件是服务器端还是客户端验证?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我想知道ASP.NET Web窗体验证控件是服务器端还是
客户端表单验证?由于我认为每个验证器控件都可以选择
1)基于JavaScript的错误对话框或2)显示控件旁边的错误消息
。例如,如果文本字段为空,其中包含RequiredField
Validator控件,则可以通过两种方式在
中显示ControlToValidate属性中的值。
请指教。谢谢!
解决方案
所有验证控件都执行各自的验证两个客户端
和服务器端。验证首先在客户端完成,以防止在数据被证明违反验证
规则时浪费了b $ b浪费在服务器上。假设数据是好的(或似乎是),则在服务器上再次验证
以捕获客户端的任何欺骗尝试。
验证控件具有EnableClientScript和EnableClientScript。属性(默认为
true)表示客户端验证是否应该实际发生
(这可能是因为客户端可能有脚本
关闭)。即使此设置为false,服务器端验证仍将发生
。
现在针对您的具体问题,在VS.NET 2002中,只有一种方式,
验证器将显示其错误消息,并在显示验证控件的页面上显示错误消息
。
没有设置在JavaScript中出现的消息alert()对话。这是
的例外,这是ValidationSummary控件,它有一个ShowMessageBox
属性,其中所有验证失败的摘要结果为
将在JavaScript中显示alert()对话框。
" Matt" <毫安******* @ hotmail.com>在消息中写道
新闻:OZ ************** @ TK2MSFTNGP11.phx.gbl ...我想知道是否ASP.NET Web窗体验证控件是服务器端还是客户端表单验证?因为我认为每个验证器控件都可以
选择1)基于JavaScript的错误对话框或2)向控件显示下一个
的错误消息。例如,如果文本字段为空,并带有RequiredField
Validator控件,它可以在我提到的两种方式中显示ControlToValidate属性中的值。
请指教。谢谢!
谢谢Scott。
对于您提到的服务器端验证:验证再次在服务器上执行,以捕获客户端的任何欺骗尝试。什么
是否意味着欺骗客户的企图?你能给出一些具体的
例子吗?
谢谢!
" Scott M." < S - *** @ BADSPAMsnet.net>在消息中写道
新闻:#q ************* @ TK2MSFTNGP12.phx.gbl ...所有验证控件都执行他们各自的验证BOTH
客户端和服务器端。验证首先在客户端完成,以防止在知道数据违反
验证规则时浪费到服务器。假设数据是好的(或似乎是),则在服务器上再次执行验证
以捕获客户端的任何欺骗尝试。
验证控件具有EnableClientScript和EnableClientScript。 property(默认为
为true)表示客户端验证实际上是否应该占用
(这可能是因为客户端可能已关闭脚本)。即使这个设置为false,服务器端验证仍然会发生
。
现在针对您的具体问题,在VS.NET 2002中,只有一种方式可以使用
验证器将显示其错误消息,即在放置验证控件的页面上显示错误
消息。在JavaScriptalert()中没有设置
的消息。对话。
这个例外是ValidationSummary控件,它有一个ShowMessageBox
属性,其中所有失败的验证的摘要结果将显示在JavaScriptalert()中;对话框。
" Matt" <毫安******* @ hotmail.com>在消息中写道
新闻:OZ ************** @ TK2MSFTNGP11.phx.gbl ...我想知道是否有ASP.NET Web表单验证控件是服务器端
或客户端表单验证?因为我认为每个验证器控件都可以选择1)基于JavaScript的错误对话框或2)在控件旁边显示错误消息
。例如,如果文本字段为空且具有RequiredField
Validator控件,则它可以通过两种方式显示ControlToValidate属性中的值
。
请指教。谢谢!
" Spoofing"是网上最古老的问题之一...
假设我经营一家公司并在我的网站abc.com上有一张表格
要求您填写某些信息并强制执行此操作,包括
一些客户端代码,以检查您是否已填写该数据,然后
表单将提交数据回到我的身边(abc.com)。
现在,让我们说一旦页面发送到你的浏览器后你就查看我的源代码了
你的浏览器(客户端)并将该源代码保存到您的硬
驱动器上的本地文件中。您现在已经制作了我的网页副本并将其保存在您自己的
机器上。你进入我的代码并删除我的所有JavaScript,这些都是强制执行所需数据并保存你的页面副本,而不是那些
的东西。
现在,您调出我的网页修改后的版本并填写表格
(或者不填写表格)并点击提交...自从表格仍然会将数据发回给我(abc.com),我现在收到你发送的任何内容(或
没有发送)。表单不再检查您。这是欺骗。
因为.NET验证控件也会在服务器上检查
作为客户端,在我刚刚描述的示例中(欺骗) ),您的错误形成的
数据提交将不会被客户端捕获(您删除了那个记住)
由服务器提供。因此,在.NET中,欺骗不是问题。
希望这会有所帮助!
Scott M.
" Matt" <毫安******* @ hotmail.com>在消息中写道
news:e3 ************** @ TK2MSFTNGP12.phx.gbl ...谢谢Scott。
对于服务器端验证,您提到:在服务器上再次执行验证以捕获客户端的任何欺骗尝试。
这是什么意思客户的欺骗行为?你能举一些具体的例子吗?
谢谢!
Scott M. < S - *** @ BADSPAMsnet.net>在消息中写道
新闻:#q ************* @ TK2MSFTNGP12.phx.gbl ...所有验证控件都执行各自的验证客户端和服务器端。验证首先在客户端完成,以防止在数据被违反
验证规则时浪费到服务器。假设数据是好的(或似乎是),验证是
再次在服务器上执行以捕获客户端的任何欺骗尝试。
<验证控件具有EnableClientScript和EnableClientScript。 property(其中
默认为true)以指示客户端验证是否应该实际上发生(这可能是针对客户端的情况可能有脚本
关闭)。即使此设置为false,服务器端验证
仍将发生。
现在针对您的具体问题,在VS.NET 2002中,只有一种方法,
a验证器将显示其错误消息,并在显示验证控件的页面上显示错误
消息。没有设置
来自JavaScriptalert()的消息。对话。这个例外
是ValidationSummary控件,它有一个ShowMessageBox
属性,其中所有失败的验证的摘要结果将显示在JavaScriptalert()中;对话框。
" Matt" <毫安******* @ hotmail.com>在消息中写道
新闻:OZ ************** @ TK2MSFTNGP11.phx.gbl ...我想知道是否有ASP.NET Web表单验证控件是
服务器端或客户端表单验证?因为我认为每个验证器控件都可以
选择1)基于JavaScript的错误对话框或2)显示错误消息到控件。例如,如果文本字段为空,
RequiredField Validator控件,它可以显示ControlToValidate属性中的值
以我提到的两种方式。
请指教。谢谢!
I want to know if ASP.NET Web Forms Validation Controls are Server-Side or
Client-Side form validation? Since I think each validator control can select
either 1) JavaScript based error dialog or 2) show the error message next to
the control. For example, if the text field is empty with RequiredField
Validator control, it can show the value in ControlToValidate property in
two ways as I mentioned.
Please advise. Thanks!解决方案All the validation controls perform their respective validations BOTH client
and server side. The validation is first done client side to prevent a
wastefull trip to the server when the data is know to violate the validation
rules. Assuming the data is good (or seems to be), the validation is again
performed on the server to catch any spoofing attempts by the client.
Validation controls have an "EnableClientScript" property (which defaults to
true) to indicate if the client side validation should, in fact, take place
(this is presumably for situations when the client might have scripting
turned off). Even if this setting is false, the server side validation will
still occur.
Now to your specific question, in VS.NET 2002, there is only 1 way that a
validator will show its error message and that is to show the error message
on the page where the validation control is placed. There is no setting for
the message to come up in a JavaScript "alert()" dialog. The exception to
this is the ValidationSummary control which does have a "ShowMessageBox"
property where the summary results from all validations that have failed
will show in a JavaScript "alert()" dialog.
"Matt" <ma*******@hotmail.com> wrote in message
news:OZ**************@TK2MSFTNGP11.phx.gbl...I want to know if ASP.NET Web Forms Validation Controls are Server-Side or
Client-Side form validation? Since I think each validator control can select either 1) JavaScript based error dialog or 2) show the error message next to the control. For example, if the text field is empty with RequiredField
Validator control, it can show the value in ControlToValidate property in
two ways as I mentioned.
Please advise. Thanks!
Thanks Scott.
For the server side validation you mentioned: "the validation is again
performed on the server to catch any spoofing attempts by the client." What
does it mean "spoofing attempts by the client?" Can you give some concrete
examples?
thanks!
"Scott M." <s-***@BADSPAMsnet.net> wrote in message
news:#q*************@TK2MSFTNGP12.phx.gbl...All the validation controls perform their respective validations BOTH client and server side. The validation is first done client side to prevent a
wastefull trip to the server when the data is know to violate the validation rules. Assuming the data is good (or seems to be), the validation is again performed on the server to catch any spoofing attempts by the client.
Validation controls have an "EnableClientScript" property (which defaults to true) to indicate if the client side validation should, in fact, take place (this is presumably for situations when the client might have scripting
turned off). Even if this setting is false, the server side validation will still occur.
Now to your specific question, in VS.NET 2002, there is only 1 way that a
validator will show its error message and that is to show the error message on the page where the validation control is placed. There is no setting for the message to come up in a JavaScript "alert()" dialog. The exception to
this is the ValidationSummary control which does have a "ShowMessageBox"
property where the summary results from all validations that have failed
will show in a JavaScript "alert()" dialog.
"Matt" <ma*******@hotmail.com> wrote in message
news:OZ**************@TK2MSFTNGP11.phx.gbl...I want to know if ASP.NET Web Forms Validation Controls are Server-Side or Client-Side form validation? Since I think each validator control can selecteither 1) JavaScript based error dialog or 2) show the error message next tothe control. For example, if the text field is empty with RequiredField
Validator control, it can show the value in ControlToValidate property
in two ways as I mentioned.
Please advise. Thanks!
"Spoofing" is one of the oldest problems on the web...
Let''s say I run a business and have a form on my web site abc.com that
requires that you fill in certain information and enforces this by including
some client side code to check that you have filled that data in before the
form will submit data back to me (abc.com).
Now, let''s say you view my source code once the page has been delivered to
your browser (client) and save that source code to a local file on your hard
drive. You have now, made a copy of my web page and saved it on your own
machine. You go into my code and remove all my JavaScript that was
enforcing the required data and save your copy of my page without all that
stuff.
Now, you bring up YOUR MODIFIED VERSION of my web page and fill in the form
(or don''t fill in the form) and hit submit...Since the form will still send
the data back to me (abc.com), I will now recieve whatever you sent (or
didn''t send). The form no longer checks you. This is spoofing.
Because .NET validation controls will do their check on the server as well
as the client, in the example I just described (spoofing), your mal-formed
data submission will be caught not by the client (you removed that remember)
by the server. So, in .NET, spoofing is not a problem.
Hope this helps!
Scott M.
"Matt" <ma*******@hotmail.com> wrote in message
news:e3**************@TK2MSFTNGP12.phx.gbl...Thanks Scott.
For the server side validation you mentioned: "the validation is again
performed on the server to catch any spoofing attempts by the client." What does it mean "spoofing attempts by the client?" Can you give some concrete
examples?
thanks!
"Scott M." <s-***@BADSPAMsnet.net> wrote in message
news:#q*************@TK2MSFTNGP12.phx.gbl...All the validation controls perform their respective validations BOTH clientand server side. The validation is first done client side to prevent a
wastefull trip to the server when the data is know to violate the
validationrules. Assuming the data is good (or seems to be), the validation is
againperformed on the server to catch any spoofing attempts by the client.
Validation controls have an "EnableClientScript" property (which defaults totrue) to indicate if the client side validation should, in fact, take place(this is presumably for situations when the client might have scripting
turned off). Even if this setting is false, the server side validation
willstill occur.
Now to your specific question, in VS.NET 2002, there is only 1 way that a validator will show its error message and that is to show the error
messageon the page where the validation control is placed. There is no setting
forthe message to come up in a JavaScript "alert()" dialog. The exception to this is the ValidationSummary control which does have a "ShowMessageBox"
property where the summary results from all validations that have failed
will show in a JavaScript "alert()" dialog.
"Matt" <ma*******@hotmail.com> wrote in message
news:OZ**************@TK2MSFTNGP11.phx.gbl...I want to know if ASP.NET Web Forms Validation Controls are Server-Side or Client-Side form validation? Since I think each validator control can
selecteither 1) JavaScript based error dialog or 2) show the error message nexttothe control. For example, if the text field is empty with
RequiredField Validator control, it can show the value in ControlToValidate property
in two ways as I mentioned.
Please advise. Thanks!
这篇关于ASP.NET Web窗体验证控件是服务器端还是客户端验证?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
