C# mvc2 客户端表单验证与 xval,防止发布

发布于 2024-08-29 03:25:20 字数 1220 浏览 13 评论 0原文

我正在使用 xval 在我的 asp.net mvc2 Web 应用程序中使用客户端验证。尽管当我在数字字段中输入文本时出现错误,但它仍然尝试将表单发布到数据库。不正确的值将被替换为 0 并保存到数据库中。但相反,甚至不应该尝试提交表单。有人可以帮我吗?

我已将属性设置如下:

[Property]
[ShowColumnInCrud(true, label = "FromPriceInCents")]
[Required]
//[Range(1, Int32.MaxValue)]
public virtual Int32 FromPriceInCents{ get; set; }

捕获请求的控制器如下所示;我在这部分没有收到任何错误。

[AcceptVerbs(HttpVerbs.Post)]
[Transaction]
[ValidateInput(false)]
public override ActionResult Create()
{
  //some foo happens
}

我的视图如下所示:

<div class="label"><label for="Price">FromPrice</label></div>
<div class="field">
<%= Html.TextBox("FromPriceInCents")%>
<%= Html.ValidationMessage("product.FromPriceInCents")%></div>

在视图的末尾,我有以下规则,该规则在 html 代码中生成正确的验证规则

<%= Html.ClientSideValidation<Product>("Product") %>

我希望有人可以帮助我解决这个问题,提前致谢!

编辑:4月19日 我刚刚发现有一个普通按钮正在使用,而不是输入类型=“按钮” 这可能是问题所在吗?

<button class="save" type="submit" name="save"><span>Opslaan</span></button>

I'm using xval to use client side validation in my asp.net mvc2 web-application. Despite the errors it's giving when I enter text in a numeric field, it still tries to post the form to the database. The incorrect values are being replaced by 0 and saved to the database. But instead it shouldn't even be possible to try and submit the form. Can anyone help me out here?

I've set the attributes as below:

[Property]
[ShowColumnInCrud(true, label = "FromPriceInCents")]
[Required]
//[Range(1, Int32.MaxValue)]
public virtual Int32 FromPriceInCents{ get; set; }

The controller catching the request looks as below; I'm getting no errors in this part.

[AcceptVerbs(HttpVerbs.Post)]
[Transaction]
[ValidateInput(false)]
public override ActionResult Create()
{
  //some foo happens
}

My view looks like below:

<div class="label"><label for="Price">FromPrice</label></div>
<div class="field">
<%= Html.TextBox("FromPriceInCents")%>
<%= Html.ValidationMessage("product.FromPriceInCents")%></div>

And at the end of the view i have the following rule which in html code generates the correct validation rules

<%= Html.ClientSideValidation<Product>("Product") %>

I hope someone can helps me out with this issue, thanks in advance!

EDIT: 19th April
I just found out that there is a normal button with being used instead of an input type="Button" Could this be the issue?

<button class="save" type="submit" name="save"><span>Opslaan</span></button>

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

能否归途做我良人 2024-09-05 03:25:20

我首先关心的是:为什么您的应用程序首先将值保存在数据库中?虽然 xVal 是使应用程序用户友好的好方法,但您仍然必须进行服务器端验证。如果您不验证服务器上的数据 - 您就会遇到一个巨大的安全漏洞!在保存值之前尝试检查控制器中的 ModelState.IsValid 是否有效。

现在,据我所知,您正在使用注册 xVal 验证。

<%= Html.ClientSideValidation<Product>("Product") %>

它的工作方式是它为所有前缀为“Product”的控件启用客户端验证。另一方面,您的文本框的 ID 为 FromPriceInCents

因此,这里的解决方案是这样做:

<%= Html.TextBox("FromPriceInCents")%>
<%= Html.ValidationMessage("FromPriceInCents")%>

<%= Html.ClientSideValidation<Product>() %>

UPD3
我更新了帖子。修复了代码,以便不使用前缀。

另外,我编译了一个包含工作解决方案的工作解决方案。列表、编辑、创建页面、字符串和整数属性以及 xVal 验证。

public class Product
{
    [ScaffoldColumn(false)]
    public int Id { get; set; }

    [Required]
    [Range(1,50)]
    public int PriceInCents { get; set; }

    [Required]
    [StringLength(50)]
    public string Name { get; set; }
}

并在视图上

<%= Html.TextBoxFor(model => model.PriceInCents) %>
<%= Html.ValidationMessageFor(model => model.PriceInCents) %>

这是下载链接..检查一下并告诉我它是否有效
http://www.flexlabs.org/download/xValTest

My first and main concern here would be: why is your app saving the values in the database in the first place? While xVal is a good way to make the application user friendly, you still HAVE to do server side validation. If you don't validate your data on the server - you have a masive security hole! Try checking if the ModelState.IsValid in your controller before saving the values.

Now, from what I see you're registering the xVal validation using

<%= Html.ClientSideValidation<Product>("Product") %>

The way it works is it enables client side validation for all controls prefixed with "Product". Your textbox on the other hand has an id of FromPriceInCents

So the solution here would be to do this:

<%= Html.TextBox("FromPriceInCents")%>
<%= Html.ValidationMessage("FromPriceInCents")%>

<%= Html.ClientSideValidation<Product>() %>

UPD3
I updated the post. Fixed the code so that the prefix is not used.

Also, I compiled a working solution that contains a working solution. List, Edit, Create page, string and int properties, and xVal validation.

public class Product
{
    [ScaffoldColumn(false)]
    public int Id { get; set; }

    [Required]
    [Range(1,50)]
    public int PriceInCents { get; set; }

    [Required]
    [StringLength(50)]
    public string Name { get; set; }
}

and on the view

<%= Html.TextBoxFor(model => model.PriceInCents) %>
<%= Html.ValidationMessageFor(model => model.PriceInCents) %>

Here's the download link.. Check it out and tell me if it works
http://www.flexlabs.org/download/xValTest

┼── 2024-09-05 03:25:20

为什么要注释掉 Range 属性?使用您指定的属性,只要在文本框中输入任何内容,它就应该通过客户端验证。

Why do you have the Range attribute commented out? With the properties you have specified as long as anything is entered in the textbox it should pass client side validation.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文