
[ASP.Net] Validation of Postbacks..


Question

Hey guys, I just wanted to check if I need to do this. On my page I'm getting a variable passed via the query string (Request["id"]), and on page load I check to make sure that I'm allowed to access this particular ID.

When you push an asp.net submit button, does the browser resend the ID, or is it kept server side and as such I don't need to validate it again?

Thanks :)


13 answers to this question


  • 0
  Pc_Madness said:
Hey guys, I just wanted to check if I need to do this. On my page I'm getting a variable passed via the query string (Request["id"]), and on page load I check to make sure that I'm allowed to access this particular ID.

When you push an asp.net submit button, does the browser resend the ID, or is it kept server side and as such I don't need to validate it again?

Thanks :)

If it's in the URL, it'll be sent back with the request.

  • 0
  azcodemonkey said:
If it's in the URL, it'll be sent back with the request.

Not quite true as ASP.Net pages also perform Postbacks.

In the Page_Load event, I would add this code:

if (!Page.IsPostBack)
{
    // do validation here and, if the ID is invalid, disable the buttons or redirect
}

This code will only get executed when the page loads and not on postbacks because the query string will not change. If the user changes the query string, the url, then it will no longer be a post back and hence the validation code would fire again.

  • 0
  whoreman said:
If you rely on the querystring I highly recommend you validate it each time you want to access it otherwise what happens if a user changes this?

Yeah, but you should validate all user input regardless of how it's entered.
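The "validate it each time" approach recommended above, as an added example that is not code from any poster in this thread. It assumes a hypothetical page `Edit.aspx?id=N` with a `SaveButton` control; the `Owners` table is constructed sample data standing in for the application's own authorization lookup.

```csharp
using System;
using System.Collections.Generic;
using System.Web;
using System.Web.UI;

// Code-behind for a hypothetical Edit.aspx?id=N with a SaveButton control.
public partial class Edit : Page
{
    // Constructed sample data: record id -> owning user name (read-only lookup).
    private static readonly Dictionary<int, string> Owners =
        new Dictionary<int, string> { { 10, "alice" }, { 20, "bob" } };

    // Instance field: a new page object is created per request, so it is not shared.
    private int _recordId;

    protected void Page_Load(object sender, EventArgs e)
    {
        // Deliberately outside any IsPostBack test: a postback is a POST to the
        // form's action URL, so the id arrives from the client again each time.
        if (!int.TryParse(Request.QueryString["id"], out _recordId) ||
            !CurrentUserMayAccess(_recordId))
        {
            throw new HttpException(403, "Not authorized for this record.");
        }

        if (!IsPostBack)
        {
            // First-load-only work, such as filling the form controls.
        }
    }

    protected void SaveButton_Click(object sender, EventArgs e)
    {
        // Event handlers run after Page_Load, so _recordId was checked on this request.
        // The application's real persistence call would replace this trace line.
        Trace.Write("Edit", "Saving record " + _recordId);
    }

    private bool CurrentUserMayAccess(int id)
    {
        string owner;
        return User.Identity.IsAuthenticated
            && Owners.TryGetValue(id, out owner)
            && string.Equals(owner, User.Identity.Name, StringComparison.OrdinalIgnoreCase);
    }
}
```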

  • 0
  azcodemonkey said:
Yeah, it is true. The query string is sent back in postback as well as first load. How he validates it is beside the point.
  sbauer said:
Yup, it's true.

Seems like both of you don't understand ASP.Net Page architecture. The url gets sent to the page when the page is first requested. After that, the url does not get sent because of PostBacks. Go ahead try it. Create a blank page and add a button. Set breakpoint in page load to see the query string collection. Next, view the page with a query string variable. Once the page loads, change the query string parameter value in the url and click the button to do a post back. You will see that the QueryString collection still has the old value.

So, you should validate the QueryString parameters in the Page_Load event handler when the page first loads, when IsPostBack is false as I have shown in my previous post.

Hope this helps.

  • 0
  Pc_Madness said:
Thanks guys. :) I think I might be lazy and use a static variable to hold it instead. :)

I hope you realize the implications of making a static variable. That variable will be SHARED among all the instances of that page class. So, if multiple users are using the same page, they will be sharing the same value. Security :o risk IMO.

  • 0
  amrinders87 said:
Seems like both of you don't understand ASP.Net Page architecture. The url gets sent to the page when the page is first requested. After that, the url does not get sent because of PostBacks. Go ahead try it. Create a blank page and add a button. Set breakpoint in page load to see the query string collection. Next, view the page with a query string variable. Once the page loads, change the query string parameter value in the url and click the button to do a post back. You will see that the QueryString collection still has the old value.

So, you should validate the QueryString parameters in the Page_Load event handler when the page first loads, when IsPostBack is false as I have shown in my previous post.

Hope this helps.

My comment was the fact that querystring values are still sent via postback. I was responding to his response, not yours. I know the architecture well, but thanks for your concern. Of course changing the querystring in the URL doesn't apply when you hit the button as it's a local change.

  • 0
  sbauer said:
My comment was the fact that querystring values are still sent via postback. I was responding to his response, not yours. I know the architecture well, but thanks for your concern. Of course changing the querystring in the URL doesn't apply when you hit the button as it's a local change.

My bad, I guess I should have looked at your signature :laugh:

  • 0
  amrinders87 said:
I hope you realize the implications of making a static variable. That variable will be SHARED among all the instances of that page class. So, if multiple users are using the same page, they will be sharing the same value. Security :o risk IMO.

Argh. :( I thought it was a copy of the page per user. *sigh* I miss PHP. :(

  • 0
  Pc_Madness said:
Argh. :( I thought it was a copy of the page per user. *sigh* I miss PHP. :(

Well you have full control. Static variable is shared among all instances of that class. So if two users use the application at about the same time, there will be two instances of that class and both will be sharing that single variable.

But as I have said above, you can validate the query string in the Page_Load event if it is not a PostBack. Afterwards, you can use it and you should be safe.
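The static-variable problem discussed in the posts above, as an added console simulation that is not code from the thread. `SimulatedPage`, the session ids and the record ids are constructed for illustration; the dictionary stands in for ASP.NET's per-user `Session`.

```csharp
using System;
using System.Collections.Generic;

// Simulation only: stands in for a Web Forms page class. ASP.NET builds a new
// page object for every request (the first GET and each postback).
class SimulatedPage
{
    public static int StaticId;   // one slot shared by every request from every user
    public int InstanceId;        // lives only as long as this one request

    // Stand-in for Session: server-side storage keyed by the user's session id.
    public static readonly Dictionary<string, int> SessionStore =
        new Dictionary<string, int>();

    // Called on first load, after the id has been validated for this user.
    public void FirstLoad(string sessionId, int validatedId)
    {
        StaticId = validatedId;
        InstanceId = validatedId;
        SessionStore[sessionId] = validatedId;
    }
}

static class Program
{
    static void Main()
    {
        // Constructed scenario: Alice opens record 10, Bob opens record 20,
        // then Alice clicks Submit (a postback, so a fresh page object).
        new SimulatedPage().FirstLoad("alice-session", 10);
        new SimulatedPage().FirstLoad("bob-session", 20);
        var alicePostback = new SimulatedPage();

        // The static slot was overwritten by Bob's first load, the instance
        // field on the new page object was never set, and only the
        // per-session entry still holds the id validated for Alice.
        Console.WriteLine("static field:   " + SimulatedPage.StaticId);
        Console.WriteLine("instance field: " + alicePostback.InstanceId);
        Console.WriteLine("session store:  " + SimulatedPage.SessionStore["alice-session"]);
    }
}
```

Session storage is per user rather than per browser tab, so two tabs opened by the same user on different records would still overwrite each other's entry.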

This topic is now closed to further replies.