The use of these embedded controls enables you to eliminate hundreds of lines of custom client-side code that you have developed or will develop to perform many of these rudimentary validations. Additionally, you receive the benefit of building upon these basic validation controls to build your own custom validation controls for handling any number of recurring validation tasks.

Common Aspects of Validation Controls

When using the validation controls you should consider several common factors. First, Using validation controls will not normally reduce network traffic. When you use validation controls, validation occurs both at the client as well as at the server. Why? One of the security risks inherent in depending entirely on client-side validation is that malicious users could create their own copy of your page, eliminate the client-side validation, and submit invalid or incorrect values to the business logic of your application. By providing both clientand server-side validation you have the following two advantages:

Improved performance on most browsers (achieved by not requiring a roundtrip before discovering a blank field or incorrect entry).

Increased security and confidence that the values submitted to the application logic are within acceptable and, more importantly, expected ranges.

So how do these controls know when to generate client-side code to improve performance or when to eliminate the client-side JavaScript to prevent incompatibility or errors during validation? Natively, these controls automatically detect the user’s browser and dynamically deliver JavaScript client-side code where it is appropriate and safe, and enforce server-side validation when the browser may not support client-side validation. However, you can

force these controls to always or never use client-side validation with the following page directives:

<%@ Page ClientTarget = “DownLevel” %>

This will force the validation control to only do validation on the server whereas

<%@ Page ClientTarget = “UpLevel” %>

forces the controls to do both client-side and server-side validation of all posted values. Be aware that forcing the use of a client-side script with the UpLevel directive will ensure that all browsers, even those that do not support JavaScript, will receive client-side validation. So, be careful in using these directives. Typically, you will be better off letting these controls do the browser sniffing for you.

Display property

When displaying error messages produced during the validation process you will have control over how the message is displayed. Each control has the ability to generate error