stackoom
  简体   繁体   中英

Is a good practice to make validation on server-side (controller) ? ASP.NET MVC

 原文  2017-09-14 12:12:04       c#/ asp.net/ asp.net-mvc

Question

Having an input from the client-side (browser), I need to perform a transaction on the server-side , on the database to be specific ( business logic ).

Is a good practice to make validations on the user input before making the transaction ? Am I violating the " Single responsibility principle " ?

EDIT: single responsibility principle - my bad, it doesn't make sense here.

Best regards.

3 answers

solution1
 7 ACCPTED  2017-09-14 12:20:01

There are several reasons why it is absolutely imperative to make validations on the server side, despite the fact that the input may have been checked on the client side:

  • There may be a different client talking to your MVC application - once authenticated, anyone capable of sending an HTTP request and process a response can talk to your back end. Someone may write code that skips validations, or maliciously pushes through bad data. Your server side must be ready for it.
  • There may be a bug in your client code - ultimately, it is your server-side code that is responsible for data consistency.
  • Time of the check is important - the state of your system may change by the time the request reaches your server. In a classic example, it may be OK to withdraw $100 at the time the validation ran on the client, but by the time the request reaches the server someone else may have already withdrawn the money from the account.

This is not a violation of single-responsibility principle, because client-side and server-side validations serve different purposes. Client-side validations serve as a visual prompt to the user of what is valid and what is invalid, while server-side validations preserve data consistency.

solution2
 2  2017-09-14 12:17:26

Is a good practice to make validations on the user input before making the transaction ?

Yes.

If a man comes to your door and says they are the Queen, do you let him in?

Similarly, you should validate server-side - since the data sent from your client (the browser) can't be trusted.

solution3
 1  2017-09-14 12:28:16

it is crucial to do server side validation, because client side validation can be passed by disabling the JavaScript or by using tools like fiddler or curl, on the other hand if you want to have a have a user friendly app client side validation will be a crucial tool to use.

Jquery validation is a front end library for client side validation

MVC Model Validation can generate both client and server side validation

Remote Attribute is a useful attribute to take a look at your case i think.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to make RequiredIf Client-side and server-side validation in ASP.NET Core 3.1 MVC? ASP.NET MVC - Unrequired server-side validation is firing Bypass server-side model validation dynamically ASP.NET MVC Instagram api server-side authentication asp.net mvc How to print server-side with asp.net mvc ASP.NET Client-side vs Server-side Validation ASP.NET Core Reuse Code for Client-Side and Server-Side Validation ASP.NET: Client-side validation, server-side action ASP.NET MVC4 server side validation ASP.NET MVC Server Side Validation With Dynamically Appended Input
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM