Friday, 21 December 2012

Validating User Input with C#


The purpose of the validation controls is to validate the user input. Asp.net provides the developer with different types of validation controls. One most important point to note is that the validation is done on the client side as well as on the server side. You can always turn the validation on the client side off using the enable client side property to false. Lets see the difference between the client side validation and the server side validation.
Client side validation
When you place validation code on the client side, validation does not require a postback operation and provides fast responses to the user. However, because the validation code is outside the Web Server, it might be possible for the client to spoof the Web Server with invalid data. The addition to this, client-side validation requires the client to be capable of running scripts. That might be an issue with old browsers and some new browsers in which users turn off script execution thinking that scripts are unsafe. This client-side validation should never be used as the only validation technique to validate data on a Web page.
Server Side Validation
When the validation code is placed the server side, the process of validation might be slow because a form might involve multiple roundtrips to the Web Server before all the data is validated. On the other hand, because the Web Server is performing all the validation, you can trust the validated data. Server-side validation works well with even primitive browsers because it does not assume any specific browser capabilities.

SqlServer Mode



State variables are stored in a database, allowing session variables to be persisted across ASP.NET process shutdowns. The main advantage of this mode is that it allows the application to balance load on a server cluster, sharing sessions between servers. This is the slowest method of session state management in ASP.NET.

In-Process Mode



The session variables are maintained within the ASP.NET process. This is the fastest way; however, in this mode the variables are destroyed when the ASP.NET process is recycled or shut down.

Session state



Server-side Session state is held by a collection of user-defined session variables that are persistent during a user session. These variables, accessed using the Session collection, are unique to each session instance. The variables can be set to be automatically destroyed after a defined time of inactivity even if the session does not end. Client-side user session is maintained by either a cookieor by encoding the session ID in the URL itself.[6]
ASP.NET supports three modes of persistence for server-side session variables

State management



ASP.NET applications are hosted by a Web server and are accessed using the statelessHTTP protocol. As such, if an application uses stateful interaction, it has to implement state management on its own. ASP.NET provides various functions for state management. Conceptually, Microsoft treats "state" as GUIstate. Problems may arise if an application needs to keep track of "data state"; for example, a finite-state machine which may be in a transient state between requests (lazy evaluation) or which takes a long time to initialize. State management in ASP.NET pages with authentication can makeWeb scraping difficult or impossible.

Directives A directive is special instructions on how ASP.NET should process the page.[5] The most common directive is <%@ Page %> which can specify many attributes used by the ASP.NET page parser and compiler.


<%@ Page Language="C#" %>
<!DOCTYPE html PUBLIC "---//W3C//DTD XHTML 1.0  //EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
  protected void Page_Load(object sender, EventArgs e)
  {
    // Assign the datetime to label control
    lbl1.Text = DateTime.Now.ToLongTimeString();
 
  }
</script>
 
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
  <title>Sample page</title>
</head>
<body>
  <form id="form1" runat="server">
 
 
      The current time is: <asp:Label runat="server" id="lbl1" />
 
  </form>
</body>
</html>