In previous ASP.NET 1.x versions, the TextBox control set to ReadOnly could still get the modified value on the server side after the value was changed on the client side. However, in ASP.NET 2.0, this practice has been limited. . This is considered to improve application security. The following is the internal method of the TextBox control to obtain data, from which we can see the limitations of ReadOnly:
protected virtual bool LoadPostData(string postDataKey, NameValueCollection postCollection)
{
base.ValidateEvent(postDataKey);
string text1 = this.Text;
string text2 = postCollection[postDataKey];
if (!this.ReadOnly && !text1.Equals(text2, StringComparison.Ordinal))
{
this.Text = text2;
return true;
}
return false;
}
What is restricted here is only the Text attribute, and there is no restriction on the NameValueCollection of the name/value of the submitted data. Therefore, the value can still be obtained through the Request["Form Name"] method. The following example fully illustrates this point and provides a way to use ReadOnly and obtain the value through the Text property:
<%@ Page Language="C#" EnableViewState="false" %>
<!DOCTYPE html PUBLIC "-/ /W3C//DTD XHTML 1.0 Transitional//EN" " http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd ">
<script runat="server">
protected void Button1_Click(object sender , EventArgs e)
{
Response.Write("<li>TextBox1 = " + TextBox1.Text);
Response.Write("<li>TextBox2 = " + TextBox2.Text);
Response.Write("<li>TextBox3 = " + TextBox3.Text);
Response.Write("<li>Request.Form[TextBox1] = " + Request.Form[TextBox1.UniqueID]);
Response.Write("<li>Request.Form[TextBox2] = " + Request.Form[TextBox2.UniqueID]);
Response.Write("<li>Request.Form[TextBox3] = " + Request.Form[TextBox3.UniqueID]);
}
protected void Page_Load(object sender, EventArgs e)
{
TextBox3.Attributes.Add("readonly", "readonly");
}
</script>
<script type="text/javascript">
//<![CDATA[
function SetNewValue()
{
document.getElementById('<%=TextBox1.ClientID %>').value = "TextBox1 new Value";
document.getElementById('<%=TextBox2.ClientID %>').value = "TextBox2 new Value";
document.getElementById('<%=TextBox3.ClientID %>').value = "TextBox3 new Value";
}
//]]>
</script>
<html xmlns=" http://www.w3.org/1999/xhtml ">
<head runat="server">
<title>TextBox control and ReadOnly and Enabled properties in ASP.NET 2.0</title>
</head>
<body>
<form id="form1" runat="server">
<span>TextBox1 ReadOnly:</span>
<asp:TextBox ID="TextBox1" runat="server" ReadOnly="True" Text="TextBox1 Old Value"></asp:TextBox><br />
<span>TextBox2 Enabled:</span>
<asp:TextBox ID="TextBox2" runat="server" Enabled="False" Text="TextBox2 Old Value"></asp:TextBox><br />
<span>TextBox3 ReadOnly:</span>
<asp:TextBox ID="TextBox3" runat="server" Text="TextBox3 Old Value"></asp:TextBox><br />
<br />
<asp:Button ID="Button2" runat="server" Text="Modify new value" OnClientClick="SetNewValue();return false;" />
<asp:Button ID="Button1" runat="server" Text="Submit" OnClick="Button1_Click" />
</form>
</body>
</html>
For disabled TextBox, the modified value cannot be obtained on the server side. If you really want to use this attribute, then use the method of hiding the form field to achieve it.
The TextBox with the ReadOnly attribute will be displayed as such a mark on the client side:
<input readonly = "readonly">
The TextBox with the Enabled attribute will be displayed as such a mark on the client side: <input disabled="disabled">
According to W3C specifications: http:/ /www.w3.org/TR/REC-html40/interact/forms.html#h-17.12
Input set to disabled will have the following restrictions:
· Cannot receive focus · Will be skipped when using the tab key · May not Successful
inputs set to readonly will have the following restrictions:
· Can receive focus but cannot be modified · Can use the tab key to navigate · May be successful
Only successful form elements are valid data, that is, they can be submitted . The value attribute of disabled and readonly text input boxes can only be modified through scripts.