best practice for form submission
I'm currently planning a robust form for a client that involves a lot of input. And I am looking for some best practices or opinions regarding submission. I need to use asp.net and i work in jquery, c# and other .net frameworks.
So my question(s):
What is the best way to submit a form?- Should I validate using Javascript Client-side and server-side?
- Whats the best way to validate server side? (asp.net C#) (edit: Whats the actual best practice for that, use the asp:requiredfieldvalidator etc or just write rules in the code behind? Throw errors? what do you think?)
- Is it okay to use ajax to send the info to a public web method?
- Are there security risks in using public web methods
What tactics do you use?- (edit) How do you def开发者_Python百科end against people pressing esc or the x in the url bar when saving? (Im under the influence that stops your request in its tracks
- Yes, it makes a nicer user experience
- Using ASP.NET validators http://msdn.microsoft.com/en-us/library/debza5t0.aspx
- Generally yes, but ASP usually needs a postback for anything to work.
- If your form is encrypted, the target should be encrypted too
- Be careful to not make complex ASP forms do stuff async. Plain ASP forms work well.
Should I validate using Javascript Client-side and server-side? YES.
Whats the best way to validate server side? Make sure all the fields are valid, return a HTTP 400 error if not - Intercept that error w/ your AJAX handler and display an appropriate error. If you don't use AJAX, respond w/ a 200 that returns a complete error page
Is it okay to use ajax to send the info to a public web method? Sure, why not?
Are there security risks in using public web methods? YES. w/o SSL, data is subject to being intercepted and/or modified by malicious attackers
What tactics do you use? Huh?
精彩评论