This article will not go through what validation is and what are the available ASP.NET validation controls ranging from RequiredFieldValidator to CustomValidator as you can find many artciles around teaching you how to use them deeply and effectively;
This article focuses mainly about the criteria .NET uses to validate inputs

Problem Identification


Everything thrown or sent to the browser is mainly plain HTML or JavaScript or DHTML, ASP.NET Validators renders as HTML , JavaScript , and HTML , All the functionality required by the validators are put inside the Javascript which is sent to the browser , and it hides and shows error messages associated with one validator according to the type of the validator itslef, The risky question is what if the browser doesn't support JavaScript , I know that it may such a silly question in the current days of XP and IE 6.x , but sometimes NetScape navigator doesn't understand the Javascript generated by ASP.NET Validators ( I have met it myself ) ; furthermore the user or visitor of your site may try to break your validation scheme and disables the client side script so the validators will NEVER work on the client and if you validate some input from a textbox to be a date for example the user may writes his name and he will be able to post his name as a date because the client side JavaScript is disabled .. Now Unfortunately your system is down , because you put all eggs in one basket which is the client side validation ; I hope you have a clear understanding of what the proleme is now .. so let's see the proposed solutions ..

Proposed Solution



Validation Conrols are designed so that if the client side script is disabled it will get it when the page posts back and after processing some events , you will be surprised when you get the error messages shown to you as you are used to with validators but the only difference is that these pretty error messages are just shown after the user posts back his InValid Entries..

So The rule is : "If the Client Side Script is Disabled , Validation Will be Evaluated on the server, And normal Error messages are shown to the user , but the new problem is that the Invalid Entries are posted back to your application !! So we've got a new roundtrip .."


Imagine that you have a registeration form inside your application and everybody around is invited to register himself to your system but some users have disabled their client script in their browsers so now they can post invalid entries by simply submitting the entered data ,You have Submit button when the user submits the registeration form a record is added to your database

Private Sub 

Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
'Insert Record Into Database , We assume that the database 
'doesn't fire or throw any error due to datatype incompatability 
'This is the biggest problem now you have added a record to your database and after adding 
'it the error messages are shown to the user !! how messy now we should prevent 
'adding the row to the database ..
End Sub

So now we want to check if the client side script is disabled or not supported by the targeted browser , we can do this by checking
the Page.IsValid property; it's evaluates to true if all the validators of the page are valid otherwise it's false, some of my colleagues were thinking that there is no need to check this property on the server as long as "if the page is not valid it wouldn't post back"
this is true only and only if the client side script is enabled .. but in our case we should check it , it's one of the best practices , you should always be at the safe side ...!

If Page.IsValid Then
' Add user to database
Else
' Do nothing or show error message ...
 End If