What is the best way to use validation on your site when I want to give people client side "helper" validation such as password not long enough, email is incorrect format but also do server side validation and return errors such as username already exists and have both client and server validation messages visually be displayed the same to the user with the minimal amount of duplication.
当我想给客户端“帮助”验证时,例如密码不够长,电子邮件格式不正确,以及服务器端验证和返回错误(如用户名)已经存在并且已经存在,那么在您的网站上使用验证的最佳方法是什么?客户端和服务器验证消息在视觉上以相同的最小重复次数显示给用户。
4 个解决方案
#1
Client validation can be circumvented easily. You should always validate sensitive data on server, regardless of client validation. Validating them on client too is just a matter of improved user experience.
可以轻松规避客户验证。无论客户端验证如何,您都应始终验证服务器上的敏感数据。在客户端验证它们只是改善用户体验的问题。
BTW, ASP.NET validation controls do both.
顺便说一句,ASP.NET验证控件都可以。
#2
The best hybrid solution is generally to centralize your validation server-side and rely on client-side calls to the server-side stuff. This has a number of advantages:
最好的混合解决方案通常是集中验证服务器端,并依赖客户端调用服务器端的东西。这有许多优点:
- You'll only write validation code once, on the server.
- Client-side validation can be circumvented, but it doesn't matter; the server is checking everything anyway.
- You get an improved user experience at no or little additional development cost.
您只需在服务器上编写一次验证代码。
客户端验证可以被规避,但无关紧要;无论如何,服务器正在检查一切。
您可以获得更好的用户体验,无需额外的开发成本。
The primary disadvantage is that you pay twice as much for validation processing, but that's not too harsh.
主要的缺点是你需要支付两倍的验证处理费用,但这并不是太苛刻。
#3
You cannot be sure if anything like client-side validation really occurred. If javascript is not available on client side (no-script or disabled JavaScript) it never runs. On post back before any further processing you should call validate method on page using following code:
您无法确定是否真的发生了类似客户端验证的事情。如果javascript在客户端不可用(无脚本或禁用JavaScript),它永远不会运行。在进行任何进一步处理之前的回发中,您应该使用以下代码在页面上调用validate方法:
if(!IsValid)
{
//inform your user about error(s)
return;
}
//do further processing
if you have validation groups then you can call validate method with group name:
如果您有验证组,则可以使用组名称调用validate方法:
if!(Validate("groupName"))
{
//inform your user about error(s)
return;
}
//do further processing
#4
The best way would be to use the ASP.NET validation controls to present the simple 'hints' as the client (as mentioned by Mehrdad these will provide client and server side validation) and then use CustomValidators for the elements that need server interactions such as verifying usernames, etc.
最好的方法是使用ASP.NET验证控件来呈现简单的“提示”作为客户端(如Mehrdad所提到的那些将提供客户端和服务器端验证),然后将CustomValidators用于需要服务器交互的元素,如验证用户名等
#1
Client validation can be circumvented easily. You should always validate sensitive data on server, regardless of client validation. Validating them on client too is just a matter of improved user experience.
可以轻松规避客户验证。无论客户端验证如何,您都应始终验证服务器上的敏感数据。在客户端验证它们只是改善用户体验的问题。
BTW, ASP.NET validation controls do both.
顺便说一句,ASP.NET验证控件都可以。
#2
The best hybrid solution is generally to centralize your validation server-side and rely on client-side calls to the server-side stuff. This has a number of advantages:
最好的混合解决方案通常是集中验证服务器端,并依赖客户端调用服务器端的东西。这有许多优点:
- You'll only write validation code once, on the server.
- Client-side validation can be circumvented, but it doesn't matter; the server is checking everything anyway.
- You get an improved user experience at no or little additional development cost.
您只需在服务器上编写一次验证代码。
客户端验证可以被规避,但无关紧要;无论如何,服务器正在检查一切。
您可以获得更好的用户体验,无需额外的开发成本。
The primary disadvantage is that you pay twice as much for validation processing, but that's not too harsh.
主要的缺点是你需要支付两倍的验证处理费用,但这并不是太苛刻。
#3
You cannot be sure if anything like client-side validation really occurred. If javascript is not available on client side (no-script or disabled JavaScript) it never runs. On post back before any further processing you should call validate method on page using following code:
您无法确定是否真的发生了类似客户端验证的事情。如果javascript在客户端不可用(无脚本或禁用JavaScript),它永远不会运行。在进行任何进一步处理之前的回发中,您应该使用以下代码在页面上调用validate方法:
if(!IsValid)
{
//inform your user about error(s)
return;
}
//do further processing
if you have validation groups then you can call validate method with group name:
如果您有验证组,则可以使用组名称调用validate方法:
if!(Validate("groupName"))
{
//inform your user about error(s)
return;
}
//do further processing
#4
The best way would be to use the ASP.NET validation controls to present the simple 'hints' as the client (as mentioned by Mehrdad these will provide client and server side validation) and then use CustomValidators for the elements that need server interactions such as verifying usernames, etc.
最好的方法是使用ASP.NET验证控件来呈现简单的“提示”作为客户端(如Mehrdad所提到的那些将提供客户端和服务器端验证),然后将CustomValidators用于需要服务器交互的元素,如验证用户名等