In this section, we will discuss the automatically generated Details and Delete methods.
Query the Details and Delete Methods
Open the Movie controller and view the Details method.
public ActionResult Details(int? id){if (id == null){return new HttpStatusCodeResult(HttpStatusCode.BadRequest);}Movie movie = db.Movies.Find(id);if (movie == null){return HttpNotFound();}return View(movie);}
The MVC scaffolding engine adds a comment indicating that in the called HTTP request method, the GET request has three URL segments, Movies controller, Details method, and ID value.
Code First allows you to easily use the Find method to search for data. An important security feature is built into the method. Method verification firstFind
The method has found a movie and then executed other code. For example, hackers can modifyHttp: // localhost: xxxx/Movies/Details/1ToHttp: // localhost: xxxx/Movies/Details/12345(Or some other values, do not represent the actual value of the video) so that the link URL is incorrect. If you do not check whether Movie is found, null Movie may cause a data error.
ViewDelete
AndDeleteConfirmed
Method.
// GET: /Movies/Delete/5public ActionResult Delete(int? id){if (id == null){return new HttpStatusCodeResult(HttpStatusCode.BadRequest);}Movie movie = db.Movies.Find(id);if (movie == null){return HttpNotFound();}return View(movie);}// POST: /Movies/Delete/5[HttpPost, ActionName("Delete")][ValidateAntiForgeryToken]public ActionResult DeleteConfirmed(int id){Movie movie = db.Movies.Find(id);db.Movies.Remove(movie);db.SaveChanges();return RedirectToAction("Index");}
Please note that,Delete
OfHTTP Get
The method does not delete the specified movie. It returns the view for deleting the movie. You can submit (HttpPost
) Delete a movie. If you use a GET request to perform a delete operation (or perform an edit operation, create operation, or modify any other operations on the data), a security vulnerability is opened. For more information, see ASP. net mvc Tip #46-Don't use Delete Links because they create Security Holes.
TheHttpPost
Method named as a unique signature or nameDeleteConfirmed
Method. The signatures of these two methods are as follows:
// GET: /Movies/Delete/5public ActionResult Delete(int? id)//// POST: /Movies/Delete/5[HttpPost, ActionName("Delete")]public ActionResult DeleteConfirmed(int id)
When the Common Language Runtime (CLR) overload method, the method must have a unique signature (the method name is the same but different parameter lists ). However, here you need two deletion methods-one GET method and one POST method both have the same signature. (They all need to take an integer as the parameter ).
There are several ways to solve this problem. First, use different method names. This is the method used by the Framework Code in the previous example. However, this brings about a small problem: ASP. NET maps some URLs to the operation method by name. If you rename the method, generally Routing cannot find this method. The solution is as shown in the following example:ActionName("Delete")
Add propertyDeleteConfirmed
Method. This will effectively execute the Routing system Url ing, such a include/Delete/The URL of the POST request will be foundDeleteConfirmed
Method.
Another common method to avoid having the same name and signature is to artificially change the POST method, including signature without parameters. For example, if some developers Add the FormCollection parameter type, FormCollection will be passed to the POST method, and this parameter is not used at all:
public ActionResult Delete(FormCollection fcNotUsed, int id = 0){Movie movie = db.Movies.Find(id);if (movie == null){return HttpNotFound();}db.Movies.Remove(movie);db.SaveChanges();return RedirectToAction("Index");}
Summary
You now have a complete ASP. net mvc application and store data in the local DB database. You can create, read, update, delete, and search movies.
Next step
After you build and test a Web application, the next step is to provide it to others for Internet access. To do this, you need to deploy it to a Web host. If you use Microsoft's free Windows Azure trial account, you can deploy up to 10 Web sites. I suggest you ?? Next, follow the instructions in my tutorial Deploy a Secure ASP. net mvc app with Membership, OAuth, and SQL Database to a Windows Azure Web Site to learn more about deployment. In addition, a good tutorial is Tom Dykstra's intermediate Creating an Entity Framework Data Model for an ASP. net mvc Application. Stackoverflow and ASP. net mvc forums.
A good place to ask questions: ASP. net mvc forum of StackOverflow or GCDN Web software development forum. Please follow our blog so that you can obtain the updated information stream of the latest tutorial.
Any comments are welcome.