Data Input Validation Using ASP.NET Forms


Ask a group of web developers about the critical importance of data validation and you’re sure to get many heads nodding, for they know all too well the security of their own job depends on how successful they are at executing this task. Sites that lack data validation features are sure to invite errors downstream as that information is stored, processed, and ultimately, relied on erroneously.

Since the inception of web sites that did more then simply act as fancy brochures there’s been scant resources for the web developer to utilize for this purpose, and often times, getting data validation to work properly felt like fitting round pegs into square holes to effectively provide a web site with the proper data validation necessary to capture reliable information.


One of the truisms that most web developers I’ve spoken to agree on is that end-users of a website are innately ignorant and will mess up data entry in a web form if given the chance. It is therefore the job of web developers to make his or her pages utilize a client-side scripting language, such as JavaScript to verify the data being entered. What needs to be validated is often up to the web developer. It is his or her duty to determine how extensively he needs to fool-proof his web form. Often times you just need to make sure that required fields are entered. Other times you need to ensure that the correct data type is entered; and still other times you need to make sure a user's input conforms to a certain standard (such as telephone numbers, social security numbers, etc.).

Let's look at an example. Let us say that you are wanting to collect information from your users about how they rate your site. You may have a form asking for the following fields:

• Their full name
• Their e-mail address (which you make optional)
• A rank for the site ranging from 1 – 10

We would want to write a JavaScript function to ensure that the name field had a value in it, and that the site ranking had a value between 1 and 10 in it. Let's take a look at what the JavaScript would look like (code is incomplete due to space and tag usage limitations):


function ValidateData() {
var CanSubmit = false;
// Check to make sure that the full name field is not empty.
CanSubmit = ForceEntry(document.forms[0].txtName,"You supply a full name.");
// Check to make sure ranking is between 1 and 10
if (CanSumbit) CanSubmit = ValidRanking();
return CanSubmit;
And submitted here:
FORM NAME="frmSiteRanking" METHOD="GET" ACTION="SiteRanking.asp" ONSUBMIT="return ValidateData();"

This is one small example of validating data prior to the introduction of ASP.NET. In this world, developers had to write all of their own validation routines and cut and paste them in the various ASP scripts that needed to employ various validation techniques. Imagine needing to write similar scripts for every last form input value that an end-user might mess up. All in all, it was a real headache. This is where ASP.NET form validation server controls come into play.

ASP.NET to the Rescue

Validation Web controls are ASP.NET Web controls designed specifically to validate form field entries. For example, ASP.NET contains a RequiredFieldValidation control, which, as its name suggests, can be used to ensure that the user enters a value into a form field (such as a TextBox). Specifically, ASP.NET provides the following form field validation controls:

1. RequiredFieldValidator - Checks to make sure the user entered a value.
2. CompareValidator - Compares a form field's value with the value of another form field using relations like less than, equal, not equal, etc.
3. RangeValidator - Ensures that a form field's value is within a certain range.
4. RegularExpressionValidator - Makes sure that a form field's value corresponds to a specified regular expression pattern.
5. CustomValidator - Checks the form field's value against custom validation logic that you, the developer, provide.
6. Validation Summary - display a summary of the results from all validation controls on the page.

By default, page validation is performed when a control, such as button, ImageButton, or LinkButton is clicked. You can prevent validation from being performed when a button control is clicked by setting the CausesValidation property of the button control to false. This property is normally set to false for a cancel or clear button to prevent validation from being performed when the button is clicked.

Let’s take a closer look at one of these controls in greater detail.



ControlToValidate="ProgrammaticID of control to validate"
ErrorMessage="Message to display in ValidationSummary control"
Text="Message to display in control"
BackColor="value" runat="server"

Use the RequiredFieldValidator control to make an input control a mandatory field. The input control fails validation if the value it contains does not change from its initial value when validation is performed. This prevents the user from leaving the associated input control unchanged. By default, the initial value is an empty string (""), which indicates that a value must be entered in the input control for it to pass validation.
Note Extra spaces at the beginning and end of the input value are removed before validation is performed. This prevents a space being entered in the input control from passing validation.

The following example demonstrates how to use the RequiredFieldValidator control to make a TextBox control a mandatory field:

form runat="server"
Name:asp:TextBox id="Text1"
Text="Enter a value" runat="server"
asp:RequiredFieldValidator id="RequiredFieldValidator1" ControlToValidate="Text1"-->links validator to text box
Text="Required Field!"
asp:Button id="Button1" runat="server" Text="Validate"


Instead of the web developer needing to write extensive client-side JavaScript to validate this field the Validation Control does much of the work itself by linking validation rules to any HTML input control requiring similar examination. Significant time is saved, and the developer can focus on what really counts… the actual content being developed, instead of the minutia of old-style, client validation code.

No feedback yet