
In ASP.NET, how to prevent tampering for a hidden field value

I have a user control with a few dropdowns. I refill the dropdowns using ajax whenever one of them is changed based on the new selected value.

The value of one of these dropdowns is the final value of the user control, which I want to bind to a data field.

The problem is that ASP.NET doesn't recognize the values of the dropdowns because they were generated on the client side. So I used a hidden field: whenever a value is selected in the dropdown, I put that value in the hidden field, and I return the value of the hidden field as the user control value. Everything works fine, except I'm afraid that a user might tamper with the value of that hidden field and set it to an illegal value. Is there a better way to do that?

nima asked Dec 17 '22 12:12


2 Answers

If you were binding to the select, a user could tamper with those values too. Just validate the hidden field like you would with any other input. And don't worry about pretty feedback, just throw an exception if the value is out of range. If someone is trying to fiddle with your form, who cares if he gets ugly errors?

I guess to answer your question more succinctly: you can't prevent tampering on the client, all you can do is validate, server side.

JeremyWeir answered Dec 29 '22 12:12


Always validate all inputs on the server side. Client-side validation is added mainly to give instructions to the user and to prevent unnecessary round trips.

Mark Redman answered Dec 29 '22 12:12
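
The server-side check that both answers describe, as an added example that is not part of the original posts: the posted hidden-field value is parsed strictly and accepted only if the server's own data lists it as a legal child of the posted parent selection. The class name, the sample data and the `hfParent` / `hfSelected` control ids are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;

// Added example; all names here are hypothetical.
public static class PostedSelection
{
    // Constructed sample data. In a real control this is the same server-side
    // source (database query, cache) that the ajax endpoint reads to fill the
    // child dropdown: parent id -> child ids that are legal under that parent.
    private static readonly Dictionary<int, HashSet<int>> ChildIdsByParent =
        new Dictionary<int, HashSet<int>>
        {
            { 1, new HashSet<int> { 10, 11, 12 } },
            { 2, new HashSet<int> { 20, 21 } }
        };

    // rawParent and rawChild are the strings posted by the browser, for example
    // the Value of two HiddenField controls. Both are untrusted.
    public static int Validate(string rawParent, string rawChild)
    {
        int parentId = ParseId(rawParent, "rawParent");
        int childId = ParseId(rawChild, "rawChild");

        HashSet<int> allowed;
        if (!ChildIdsByParent.TryGetValue(parentId, out allowed) || !allowed.Contains(childId))
        {
            // No friendly message: a normal user of the form never gets here.
            throw new ArgumentOutOfRangeException("rawChild", "Posted value is not a legal choice.");
        }
        return childId;
    }

    private static int ParseId(string raw, string name)
    {
        int id;
        // NumberStyles.None accepts digits only: no sign, whitespace or separators.
        if (!int.TryParse(raw, NumberStyles.None, CultureInfo.InvariantCulture, out id))
            throw new ArgumentOutOfRangeException(name, "Posted value is not a valid id.");
        return id;
    }
}

// Usage in the user control's code-behind (hfParent and hfSelected are assumed HiddenField ids):
//   public int SelectedValue
//   {
//       get { return PostedSelection.Validate(hfParent.Value, hfSelected.Value); }
//   }
```

Checking the child against the parent, rather than against one flat list of all ids, also rejects a value that exists but does not belong to the selection the user actually made.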