How to protect an asp:textbox from user input?

StackOverflow https://stackoverflow.com/questions/22096984

Question

How to protect an asp:textbox from user input?

DISABLE IT

<asp:TextBox ID="txbx" runat="Server" Text="1" Enabled="false" />

PROTECT IT

<asp:TextBox ID="txbx" runat="Server" Text="1" ReadOnly="true" />

I wish to protect the textbox as above from user input but still allow the value to be updated with javascript.

This works fine so what's the problem?

THE PROBLEM

If a textbox is disabled or readonly the updated values will not post to the server when submitted!

QUESTION

How to create a textbox that can simultaneously:

  • Be visible to the user.

  • Be protect from user input.

  • Be updated with javascript.

  • Post updated value to server.

ANSWER

The conflict occurs because when you set enabled="false" on control it is does not pass the values to the server.

However setting disabled or readonly clientside does not cause this issue.

You can set the properties clientside by using:

In code behind:

txbx.Attributes.Add("ReadOnly", "ReadOnly")
txbx.Attributes.Add("disabled", "disabled")

or by using client side controls and setting them to runat server:

<input type="text" id="txbx" readonly="readonly" runat="server" />
<input type="text" id="txbx" disabled="disabled" runat="server" />
Was it helpful?

Solution

I once got out of this situation by setting the ReadOnly property from code-behind. You can try this once.

txbx.Attributes.Add("ReadOnly", "ReadOnly");

Add this line of code in your Page_Load event.

Please inform if it works for you.

OTHER TIPS

The easiest solution, in my opinion, is to have a hidden field and read that on postback instead, that way the protected textbox is just cosmetic, the actual logic is working with a hidden field.

That said, ReadOnly = true should still work on postback, it's only Enabled = false which shouldn't postback the value.

Not very well know for some reason, but ASP.NET has special property which controls if disabled controls being sent back to the server or not: HtmlForm.SubmitDisabledControls

So what you have to do is set this property to true for your Form control

<form id="form1" submitdisabledcontrols="true" runat="server">
    <asp:TextBox ID="txbx" runat="Server" Text="1" ReadOnly="true" Enabled="false" />
</form>

you can use html input element instead, and set runat attribute to server to refer that from server ,like this:

<input type="text" name="name" id="text2" readonly="readonly" runat="server" />

its value, will be sent to server after its changed on client, while it has set as readonly

Beware: <form> does not send data for disabled inputs.

My personal solution:

  • Make original field invisible with JS

  • Write new field with the original value and make it disabled, just for show.

    var status = document.getElementById("ElementID");
status.style.visibility='hidden';
var row = status.parentNode.parentNode;
var newCol = row.insertCell(-1);
newCol.innerHTML = "<div style='padding-left: 6px'><input readonly='readonly' type='text' size='50' value='" + status.value + "' class='inputReadOnly'/></div>";

Be visible to the user.

<asp:TextBox ID="txbx" runat="Server" />

Be protect from user input.

<asp:TextBox ID="txbx" runat="Server" Text="1" Enabled="false" />
<asp:TextBox ID="txbx" runat="Server" Text="1" ReadOnly="true"  />

Be updated with javascript.
create a function and use like

<script type="text/javascript">
        var a = ($("#<%=txbx.ClientID%>"));
        a.value="assas";
</script>

Post updated value to server.
same as above

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top