locked
Validate non-required fields. RRS feed

  • Question

  • User-789916156 posted

    I have been playing around with the CreateUser Wizard these past few days and have modified the template successfully, but I've run into a snag. Along with the standard wizard fields I have added 5 custom fields: Title, FName, MidInit, LName, & Suffix. I validate the FName & LName as required fields and that works fine.

    asp:RequiredFieldValidator

    The Title, MidInit & Suffix are not required fields and tried to validate them with the asp BaseValidator:

    <td>
         <asp:TextBox ID="txtMidInit" runat="server" MaxLength="1"></asp:TextBox>
         <asp:BaseValidator ControlToValidate="txtMidInit" />
    </td>

    But I get an error by the IDE with a green squiggly line saying the BaseValidator is not a known element. FYI - this is the exact same place I would put the asp:RequiredfieldValidator which is accepted just fine.

    Also, what just is being validated? I want to be sure I don't get any malicious attacks through the entries.

    So am I using this validation the wrong way?

    Thanks

    Gary

    Thursday, December 4, 2014 8:58 PM

Answers

  • User-821857111 posted

    BaseValidator acts as the base class for validation controls. It's abstract so should not be instantiated and there is no BaseValidator control. Usually, the best way to validate is to check for acceptable values/ranges (whiltelist validation) rather than trying to prevent non-acceptable values (blacklist validation). That way you don't have to worry about the thousands of possible non-acceptable values.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, December 5, 2014 12:26 PM

All replies

  • User-821857111 posted

    You shouldn't use BaseValidator in your aspx. For your requirement, you can a use RegularExpressionValidator with the following pattern:

    $[a-zA-Z]{1}$


    Friday, December 5, 2014 3:56 AM
  • User-789916156 posted

    Thanks Mike,

    So is the term BaseValidator a placeholder descriptor for all the other validation methods like RegularExpressionValidator? Because if it is the Microsoft MSDN site is misleading in that it implies that the term BaseValidator is an element in of itself and does a set of base validations.

    Also I am somewhat new to ASP and am pretty concerned about securing my site from malicious attacks. I have been reading throughout MS's & the MSDN sites to find standard ways to protect my site. For the most part I get a lot of theory & overviews with very little meat. So I have taken to writing my own routines to test each and every entry a user could make to determine that it passes and is not a threat. However since I am only 1 guy I am sure my routines do not cover the thousands of threats that could be out there.

    So is there any articles -Not Theory- but actual techniques/code that developers have used & put into practice that actually secure the site.

    Thanks again.

    Gary

    Friday, December 5, 2014 9:29 AM
  • User-760709272 posted

    MSDN site is misleading in that it implies that the term BaseValidator is an element in of itself and does a set of base validations.

    MSDN says

    "Serves as the abstract base class for validation controls"

    This means that you don't use it on its own, it is a base for other controls, ie something other controls inherit from.  The reason you can't use it is because it is marked as abstract which means you can't create new instances of it, it can only be created as part of a base class for something else.

    Friday, December 5, 2014 9:39 AM
  • User-821857111 posted

    BaseValidator acts as the base class for validation controls. It's abstract so should not be instantiated and there is no BaseValidator control. Usually, the best way to validate is to check for acceptable values/ranges (whiltelist validation) rather than trying to prevent non-acceptable values (blacklist validation). That way you don't have to worry about the thousands of possible non-acceptable values.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, December 5, 2014 12:26 PM
  • User-1199946673 posted

    Also I am somewhat new to ASP and am pretty concerned about securing my site from malicious attacks

    A very common attack is SQL injection. Read this article of Mike how to prevent that

    http://www.mikesdotnetting.com/article/113/preventing-sql-injection-in-asp-net

    Friday, December 5, 2014 6:37 PM