How to: Validate with a Custom Function for ASP.NET Server Controls

If existing ASP.NET validation controls do not suit your needs, you can define a custom server-side validation function and call it using the CustomValidator control. You can also add client-side validation to check user input before the page is submitted by writing a function in ECMAScript (JavaScript) that duplicates the logic of the server-side method.

You should perform server-side validation even if you use a client-side check. Server-side validation helps prevent users from bypassing validation by disabling or changing the client script.

Security noteSecurity Note:

By default, ASP.NET Web pages automatically validate that malicious users are not attempting to send script or HTML elements to your application. For more information, see Script Exploits Overview.

To validate on the server using a custom function

  1. Add a CustomValidator control to the page and set the following properties:

    Property

    Description

    ControlToValidate

    The ID of the control you are validating.

    ErrorMessage, Text, Display

    Properties that specify the text and location of the error or errors that will display if the validation fails. For details, see How to: Control Validation Error Message Display for ASP.NET Server Controls.

  2. Create a server-based event handler for the control's ServerValidate event. This event is called to perform the validation. The method has a signature such as the following:

    ProtectedSub CustomValidator1_ServerValidate(ByVal _
       source As System.Object, ByVal args As _
       System.Web.UI.WebControls.ServerValidateEventArgs) _
       Handles CustomValidator1.ServerValidate
    EndSub
    
    protectedvoid ValidationFunctionName(object source, ServerValidateEventArgs args)
    {
    
    }
    

    The source parameter is a reference to the custom validation control raising this event. The property args.Value will contain the user input to validate. Set args.IsValid to true if the value is valid, otherwise false.

    The following code example shows how you can create custom validation. The event handler determines whether the user's entry is eight characters long or longer.

    ProtectedSub TextValidate(ByVal source As System.Object, _
       ByVal args As System.Web.UI.WebControls.ServerValidateEventArgs) _
       Handles CustomValidator1.ServerValidate
        args.IsValid = (args.Value.Length >= 8)
    EndSub
    
    protectedvoid TextValidate(object source, ServerValidateEventArgs args)
    {
        args.IsValid = (args.Value.Length >= 8);
    }
    
  3. Bind the event handler to the method using code such as the following:

    <asp:textbox id="TextBox1" runat="server"></asp:textbox>
    <asp:CustomValidator id="CustomValidator1" runat="server" 
     OnServerValidate="TextValidate" 
     ControlToValidate="TextBox1" 
     ErrorMessage="Text must be 8 or more characters.">
    </asp:CustomValidator>
    
    <asp:textbox id="TextBox1" runat="server"></asp:textbox>
    <asp:CustomValidator id="CustomValidator1" runat="server" 
      OnServerValidate="TextValidate" 
      ControlToValidate="TextBox1" 
      ErrorMessage="Text must be 8 or more characters.">
    </asp:CustomValidator>
    
  4. Add a test in your ASP.NET Web page code to check for validity. For details, see How to: Test Validity Programmatically for ASP.NET Server Controls.

To create custom validation logic on the client

  1. Create a validation function in ECMAScript (JavaScript, JScript).

    The following code example illustrates custom client-side validation. An excerpt from the page shows a TextBox control referenced by a CustomValidator control. The validation control calls a client script function named validateLength to make sure that the user has entered at least eight characters into the TextBox control.

    <script type="text/javascript">
      function validateLength(oSrc, args){
       args.IsValid = (args.Value.length >= 8);
    }
    </script>
    
    <script type="text/javascript">
      function validateLength(oSrc, args){
       args.IsValid = (args.Value.length >= 8);
    }
    </script>
    
    <asp:Textbox id="text1" runat="server" text=""></asp:Textbox>
    <asp:CustomValidator id="CustomValidator2" runat="server" 
     ControlToValidate = "text1"
     ErrorMessage = "You must enter at least 8 characters!"
     ClientValidationFunction="validateLength" >
    </asp:CustomValidator>
    
    <asp:Textbox id="text1" runat="server" text=""></asp:Textbox>
    <asp:CustomValidator id="CustomValidator2" runat="server" 
      ControlToValidate = "text1"
      ErrorMessage = "You must enter at least 8 characters!"
      ClientValidationFunction="validateLength" >
    </asp:CustomValidator>
    
  2. Add a test in your ASP.NET Web page code to check for validity. For details, see How to: Test Validity Programmatically for ASP.NET Server Controls.

See Also

Concepts

Types of Validation for ASP.NET Server Controls

Other Resources

Validation ASP.NET Controls