Consider a situation Like this .....
asp:TextBox ID="USERNAME" runat="server" asp:TextBox
asp:RequiredFieldValidator
ID="RequiredFieldValidator1" runat="server"
ErrorMessage="USER NAME CANNOT BE BLANK" ControlToValidate="USERNAME">asp:RequiredFieldValidator
asp:Button ID="submit" runat="server" Text="SUbmit" onclick="submit_Click"
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
protected void submit_Click(object sender, EventArgs e)
{
Response.Write("I am fired.........!!!");
}
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Since we have the required field validator over there "submit_Click " works only when it is not blank...
Try to disable JavaScript on your Browser and press button. You can see Post back happen also the validator message comes but the code goes to execution by printing "I am fired.........!!!" ... So a hacker can easily destroy your validation my disabling java script in browser...
So my Friends go for this code in Button Click
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
protected void submit_Click(object sender, EventArgs e)
{
if (Page.IsValid)
{
Response.Write("I am fired.........!!!");
}
}
The intelligent .net checks this in Server side. So code will execute only if page.Isvalid=true.....
Thanks for using System.Web.UI
:)
Aavasyam varum
ReplyDeleteit should be done to avoid hacking on your web.
ReplyDelete