Hi Folks,
I am just wondering if the validation controls, use javascript...or server side code behind...
Clearly, I would prefer it be server-side, because i'm concerned that a potential evil-doer could by-pass the validation, by turning off JS.
If the validation controls use JS --- can someone refer me to proper server side validation techniques (VB).
Thanks,
- Joel
 
 
"The truth is rarely pure and never simple."
- Oscar Wilde, The Importance of Being Earnest

ASP.NET validation controls always use server-side validation, with additional client-side validation as an option (EnableClientScript). And you are right in that you should never rely on client-side validation only, as JS might be broke or disabled.
So the validation controls in ASP.NET can be safely used in your project. 
If this post was useful to you, please mark it as answer. Thank you!

Hi,
Check out the URL's for validations:
http://aspalliance.com/699
http://www.devhood.com/Tutorials/tutorial_details.aspx?tutorial_id=46
http://www.exforsys.com/tutorials/vb.net-2005/vb.net-validation.html
http://www.vb-helper.com/howto_net_use_validation.html
http://www.codeproject.com/KB/vb/pwd.aspx
Regards,
Ahmed

***************************************************
Please don't forget to mark the post as Answer, which helps you.

Thank you.
www.ahmadtasnim.com

i belive... the logical client side validations should be done on client side.. and business logic validations should happen on server side...
and by turning off your JS.. you will achieve nothing.. as today web is completly JS driven.. Examples
Ajax
tree control
Accordion 
drag drop and list is bigger then a epic...  but it depends how we are developing our application.. there are many JS driven websites abd they are threat safe....
So again Client validations on client side server validations on server side
"Mark as answered if you feel this helps you"
"Curiosity is Bliss"
Regards,

Ravi Kant Srivastava
(Sr. Software Engineer)
Connexxions Business 
Mumbai
INDIA

 blurearc:
So again Client validations on client side server validations on server side
I have yet to see a system where client validations are performed on the server - and vice versa  
If this post was useful to you, please mark it as answer. Thank you!

The ASP.NET validation controls can do both - client side as well as server side validation. They first see if the browser is capable (uplevel browser) and injects the corresponding javascript code to handle the validation at the client side. Otherwise (downlevel browser) it's server side validation. 

Hi there,
All user input data validation should occur on the server and minimally on the client-side, though it is a good way to reduce server load and network traffic because we can ensure that only data of the appropriate type is submitted from the form. It is totally insecure. The user can view the code used for validation and create a workaround for it. Secondly, the URL of the page that handles the data is freely visible in the original form page. This will allow unscrupulous users to send data from their own forms to your application. Client-side validation can sometimes be performed where deemed appropriate and feasible to provide a richer, more responsive experience for the user.
Kalyan Krishna.B
(Web Developer)

Email: kalyandotnetdeveloper@gmail.com

 Client side validation should only be to enhance the user's experiance of the page. Server-side validation can and should be rigoursly unit-tested. Wherever there is a security implication to the sending of bad data then the validation needs to be server-side.
I am about to publish some Filer functions as part of the CommonData project on CodePlex. http://www.codeplex.com/CommonData 
Currently I am working on C# version, a VB.NET version will follow later. 
Don't forget to click "Mark as Answer" on the post that helped you.
This credits that member, earns you a point and marks your thread as Resolved so we will all know you have been helped. 

Hi,

Thank you all for your reply, so just to clarify. the validation controls do use server side code...with the option to use client side code.
Will they ever choose ot use client side over server side code, if it detects a capable browswer?

Thanks,
- Joel
"The truth is rarely pure and never simple."
- Oscar Wilde, The Importance of Being Earnest

You can bypass the server valdiation only if you really want, but then it is a deviation [from the original behavior] that *you* have to make in your code. There's no way that the browser can disable/"triumph" the server validation depending on its [the browser] capabilities.
If this post was useful to you, please mark it as answer. Thank you!