• 0

[ASP.Net] Validation of Postbacks..


Question

Hey guys, I just wanted to check if I need to do this. On my page I'm getting a variable passed via the query string (Request["id"]), and on page load I check to make sure that I'm allowed to access this particular ID.

When you push an asp.net submit button, does the browser resend the ID, or is it kept server side and as such I don't need to validate it again?

Thanks :)

Link to comment
https://www.neowin.net/forum/topic/607596-aspnet-validation-of-postbacks/
Share on other sites

13 answers to this question

Recommended Posts

  • 0
  Pc_Madness said:
Hey guys, I just wanted to check if I need to do this. On my page I'm getting a variable passed via the query string (Request["id"]), and on page load I check to make sure that I'm allowed to access this particular ID.

When you push an asp.net submit button, does the browser resend the ID, or is it kept server side and as such I don't need to validate it again?

Thanks :)

If it's in the URL, it'll be sent back with the request.

  • 0
  azcodemonkey said:
If it's in the URL, it'll be sent back with the request.

Not quite true as ASP.Net pages also perform Postbacks.

In the Page_Load event, I would add this code:

if (!Page.IsPostBack)
{
	   //do validation here and if ID is invalid disable the buttons or redirect
}

This code will only get executed when the page loads and not on postbacks because the query string will not change. If the user changes the query string, the url, then it will no longer be a post back and hence the validation code would fire again.

  • 0
  whoreman said:
If you rely on the querystring I highly recommend you validate it each time you want to access it otherwise what happens if a user changes this?

Yeah, but you should validate all user input regardless of how it's entered.

  • 0
  azcodemonkey said:
Yeah, it is true. The query string is sent back in postback as well as first load. How he validates it is beside the point.
  sbauer said:
Yup, it's true.

Seems like both of you don't understand ASP.Net Page architecutre. The url gets sent to the page when the page is first requested. After that, the url does not get sent because of PostBacks. Go ahead try it. Create a blank page and add a button. Set breakpoint in page load to see the query string collection. Next, view the page with a query string variable. Once the page loads, change the query string paramter value in the url and click the button to do a post back. You will see that the QueryString collection still has the old value.

So, you should validate the QueryString parameters in the Page_Load event handler when the page first loads, when IsPostBack is false as I have showed in my previous post.

Hope this helps.

  • 0
  Pc_Madness said:
Thanks guys. :) I think I might be lazy and use a static variable to hold it instead. :)

I hope you realize the implications of making a static variable. That variable will be SHARED among all the instances of that page class. So, if multiple users are using the same page, they will be sharing the same value. Security :o risk IMO.

  • 0
  amrinders87 said:
Seems like both of you don't understand ASP.Net Page architecutre. The url gets sent to the page when the page is first requested. After that, the url does not get sent because of PostBacks. Go ahead try it. Create a blank page and add a button. Set breakpoint in page load to see the query string collection. Next, view the page with a query string variable. Once the page loads, change the query string paramter value in the url and click the button to do a post back. You will see that the QueryString collection still has the old value.

So, you should validate the QueryString parameters in the Page_Load event handler when the page first loads, when IsPostBack is false as I have showed in my previous post.

Hope this helps.

My comment was the fact that querystring values are still sent via postback. I was responding to his response, not yours. I know the architecture well, but thanks for your concern. Of course changing the querystring in the URL doesn't apply when you hit the button as it's a local change.

  • 0
  sbauer said:
My comment was the fact that querystring values are still sent via postback. I was responding to his response, not yours. I know the architecture well, but thanks for your concern. Of course changing the querystring in the URL doesn't apply when you hit the button as it's a local change.

My bad, I should I guess I should have looked at your signature :laugh:

  • 0
  amrinders87 said:
I hope you realize the implications of making a static variable. That variable will be SHARED among all the instances of that page class. So, if multiple users are using the same page, they will be sharing the same value. Security :o risk IMO.

Argh. :( I thought it was a copy of the page per user. *sigh* I miss PHP. :(

  • 0
  Pc_Madness said:
Argh. :( I thought it was a copy of the page per user. *sigh* I miss PHP. :(

Well you have full control. Static variable is shared among all instances of that class. So if two users use the application at about the same time, there will be two instances of that class and both will be sharing that single variable.

But as I have said above, you can validate the query string in Page_Load event in if the if not PostBack. Afterwards, you can use it and you should be safe.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • good grief .... first brittney murphy in the first run now him
    • I do not think that Windows 11 will pick up pace as October 2025 draws near. Even though I was a Windows Vista fan back in the day, this really reminds me of the (lack of) transition between Windows XP to Windows Vista. In the end, Microsoft had to backtrack and extend Windows XP support until Windows 7 was adopted.
    • How many minutes until they rename this? Outside of the search engine itself, it seems anything with the Bing name attached quickly gets renamed.
    • Save 15% on the Insta360 Link 2 4K Webcam, now available at the lowest price by Taras Buria Insta360 is known for its high-quality 360-cameras, but the company also offers high-end webcams for those who want to elevate their video calls or streaming. Right now, the Insta360 Link 2 4K webcam is available at a new all-time low price, saving you 15% off the standard MSRP. The Insta360 Link 2 is not your standard 4K webcam. This camera is mounted on a two-axis gimbal that physically pans and tilts to follow you as you move around the room. You can also set boundaries to prevent the camera from capturing certain areas and control it with gestures for a hands-free experience. The camera itself has a large 1/2" 4K sensor that captures more light and details with HDR and low-light mode support. A larger sensor also means a more natural bokeh effect. Built-in microphones support voice focus and voice suppression, and the camera can balance your voice with background music. Other features include additional modes, such as whiteboard mode, DeskView mode, portrait mode, and privacy mode. The latter tilts the camera down after 10 seconds of inactivity (you can also push it down manually). The Insta360 Link 2 is also remotely operated with a dedicated phone app, plus its desktop software lets you adjust features like background, filters, and more. Insta360 Link 2 4K Webcam - $169.99 | 15% off on Amazon US Insta360 Link 2 4K Webcam Tripod Bundle - $195 | 15% off on Amazon US This Amazon deal is US-specific and not available in other regions unless specified. If you don't like it or want to look at more options, check out the Amazon US deals page here. Get Prime (SNAP), Prime Video, Audible Plus or Kindle / Music Unlimited. Free for 30 days. As an Amazon Associate, we earn from qualifying purchases.
    • RIP Jonathan Joss aka John Redcorn https://www.nbcnews.com/news/us-news/jonathan-joss-king-hill-voice-actor-killed-san-antonio-shooting-rcna210437
  • Recent Achievements

    • Week One Done
      Nullun earned a badge
      Week One Done
    • First Post
      sultangris earned a badge
      First Post
    • Reacting Well
      sultangris earned a badge
      Reacting Well
    • First Post
      ClarkB earned a badge
      First Post
    • Week One Done
      Epaminombas earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      160
    2. 2
      ATLien_0
      124
    3. 3
      Xenon
      120
    4. 4
      snowy owl
      109
    5. 5
      +Edouard
      97
  • Tell a friend

    Love Neowin? Tell a friend!