c# - MVC Check model values in form using TryUpdateModel in Controller -


i following tutorial on mvc 5, , stuck on how perform validation checks on fields entered user without binding fields in edit method.

i have edit page in place, binds fields @ start - tutorial i'm following makes clear should not this.

my original code following. since bind of fields @ start, can perform checks using vans.fieldname shown below 'if (vans.assetid == 20)'

    [httppost]     [validateantiforgerytoken]     public actionresult edit([bind(include = "assetid,batch_number,customer_account_holder,dealer_id, ")] vans__ vans)     {         if (vans.assetid == 20) //example - check if data entered assetid 20         {           //do         }         if (modelstate.isvalid)         {             db.entry(vans__).state = entitystate.modified;             db.savechanges();             return redirecttoaction("index");         }         return view(vans__);     }

in tutorial i'm following, i'm instructed not bind @ start, instead use code following: 

    public actionresult editpost(int? id)     {         if (id == null)         {             return new httpstatuscoderesult(httpstatuscode.badrequest);         }          //in here vans original values , not form.         vans__ vans = db.vans__.find(id);         //here how can check if assetid number returned form?          if (tryupdatemodel(vans, "", new string[] { "assetid" }))         {             try             {                 db.savechanges();                 return redirecttoaction("index");             }         }     }

i understand white-listing tryupdatemodel easier , safer, struggling grips how access data returned controller form.

how can access model in order me add own validation checks?

all appreciated, thanks.

this not answer.

the microsoft tutorial here (disclaimer work james , asked him learn posting question).

and write below relating why should not using original bind method james has linked. 

[httppost, actionname("edit")] [validateantiforgerytoken] public actionresult editpost(int? id) {   if (id == null)   {     return new httpstatuscoderesult(httpstatuscode.badrequest);   }   var studenttoupdate = db.students.find(id);   if (tryupdatemodel(studenttoupdate, "",    new string[] { "lastname", "firstmidname", "enrollmentdate" }))   {     try     {         db.savechanges();          return redirecttoaction("index");     }     catch (dataexception /* dex */)     {         //log error (uncomment dex variable name , add line here write log.         modelstate.addmodelerror("", "unable save changes. try again, ,      if problem persists, see system administrator.");     }   }   return view(studenttoupdate); }

these changes implement security best practice prevent overposting, scaffolder generated bind attribute , added entity created model binder entity set modified flag. code no longer recommended because bind attribute clears out pre-existing data in fields not listed in include parameter. in future, mvc controller scaffolder updated doesn't generate bind attributes edit methods.

the new code reads existing entity , calls tryupdatemodel update fields user input in posted form data. entity framework's automatic change tracking sets modified flag on entity. when savechanges method called, modified flag causes entity framework create sql statements update database row. concurrency conflicts ignored, , columns of database row updated, including user didn't change. (a later tutorial shows how handle concurrency conflicts, , if want individual fields updated in database, can set entity unchanged , set individual fields modified.)

as best practice prevent overposting, fields want updateable edit page whitelisted in tryupdatemodel parameters. there no fields you're protecting, listing fields want model binder bind ensures if add fields data model in future, they're automatically protected until explicitly add them here.

as result of these changes, method signature of httppost edit method same httpget edit method; therefore you've renamed method editpost.


Comments

Post a Comment

Popular posts from this blog

asynchronous - C# WinSCP .NET assembly: How to upload multiple files asynchronously -

i using winscp .net assembly uploading files. want upload multiple files asynchronous way. have created method works single upload. public class uploadingdata { private sessionoptions _sessionoptions; private session _session; //connection etc private void onconnected() { foreach (var fileinfo in localfileslist) { var task = task.factory.startnew(() => uploadfilesasync(fileinfo)); } } private async task uploadfilesasync(string file) { string remotefilepath = _session.translatelocalpathtoremote(file, @"/", "/test_data_upload"); var uploading = _session.putfiles(file, remotefilepath, false); //when done await task.run(() => thread.sleep(1000)); } } please suggest me correct way. thanks you can use backgroundworker class this: string[] images = new string[50]; foreach (var path in images) { backgroundworker
Read more

aws api gateway - SerializationException in posting new Records via Dynamodb Proxy Service in API -

i getting "__type": "com.amazon.coral.service#serializationexception" as reply in postman & in test console in api gateway trying post record directly dynamodb using api proxy services.. referring aws article - https://aws.amazon.com/blogs/compute/using-amazon-api-gateway-as-a-proxy-for-dynamodb/ here's mapping { "tablename": "tablenamegoeshere", "item": { "id" : "$context.requestid" "eventname" : "$input.path('$.eventname')", "timestamp" : $input.path('$.timestamp'), "answers": "$util.parsejson($input.path('$.answers'))" } } update: did asked ... , worked if try add array of json objects gives me above same error - here's trying now. please - couldnt find on google well #set($inputroot = $input.path('$')) { "tablename": "answer", "item": {
Read more

asp.net - Problems sending emails from forum -

i have been redesigning site has message board, has been written guy looked after site. it has few problems , written in .asp , uses .mdb files database. you can see whole thing here . feel free post if helps, test thing have set using original files , new database. the basic problem when posts message, supposed email sent them, have posted it. when replies, originator supposed message, replier has been posted. i’d have thought @ point in process there should script/file in postmessage.asp? the postmessage.asp page below. <% option explicit %> <!-- #include virtual="common/adovbs.inc" --> <html> <head> <meta http-equiv="content-type" content="text/html; charset=windows-1252"> <meta name="generator" content="microsoft frontpage 4.0"> <meta name="progid" content="frontpage.editor.document"> <title>new page 2</title> <base target="_self"
Read more