EnableClientScript property on validation control:Leaving the default value (true) of EnableClientScript is a first line of defense, good for 90% of situations. Leaving EnableClientScript as default or setting it to true avoids a postback. If you look at the page source with property setting EnableClientScript="false", you will see some javascript that does the client side validation without posting back. If you look at the page source with property setting EnableClientScript="true", you will see not see any javascript in the source.
You should also check the value of Page.IsVaild in your code behind to handle situations in which the client disabled JavaScript or otherwise circumvented your client-side validation
In Fritz Onion's Essential ASP.NET book:
"As soon as you place a validation control on a page, it is imperative that you check the IsValid flag of the Page class before using any of the data posted by the client. It is a common misconception that if validation fails on a page, the code for that page will not execute. On the contrary, the only thing that happens when server-side validation fails is that the IsValid flag of the Page class is set to false, and each validation control that failed renters itself as a visible span so that the error indicator shows up when the page is redisplayed to the user."
No comments:
Post a Comment