I know to never trust user input, since undesirable input could be compromise the application's integrity in some way, be it accidental or intentional; however, is there a case for calling Page.IsValid even when no validation controls are on the page (again, I know its bad practice to be trusting user input by omitting validation)? Does Page.IsValid perform any other kinds of validation? I looked at MSDN, and the docs seem to suggest that Page.IsValid is only effective if there are validation controls on the page, or the Page.Validate method has been called. A friend of mine suggested that I always check Page.IsValid in the button click handlers every time even if there are no validation controls or explicit Page.Validate calls.
I would be the first to tell you that "All input is evil until proven otherwise." However, in this case, I think your friend is mistaken because by his/her logic we could probably come up with a hundred other properties that should be checked or set, even though the defaults are okay.
Checking Page.IsValid
only makes sense if you have a "CausesValidation" scenario - a button that submitted the form has its CausesValidation
property set to True. This would automatically call Page.Validate
and all Validation controls belonging to the same ValidationGroup
would be checked for validity.
Edit:
Just checked it using Reflector and the function will always return True if the Page does not have any Validators(ValidatorCollection is null).
You can check the validity of a Page by checking the Page.IsValid property, your purpose to check the Page.IsValid might vary like
So when/where can you call Page.IsValid
You can check Page.IsValid in the page life cycle if the place/time invoked satisfies the above criteria; otherwise the Page.IsValid will result in the System.Web.HttpException being thrown.
You should use Page.IsValid where it makes sense; like in the postback event handlers of input controls(with CausesValidation=true) and require the state of the page to be valid to perform their task correctly. (if you have server side validated validators or validators with client side validation switched off it becomes a MUST).
protected void btnSave_Click(object sender, EventArgs e)
{
//Note that there might be ServerSideValidation which evaluated to false.
if (!Page.IsValid)
return;
CurrentEntity.Save();
}
Finally note that Page.IsValid only checks for validation errors in the validator controls on your page, it all depends on what your validator controls do.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With