asp.net MVC4 Introductory Tutorial (ix): query details and delete records _ self-study process

Source: Internet
Author: User

In this tutorial, you will look at the automatically generated details and delete methods.

Query details and delete records open the movie controller and view the details method.

Public ActionResult Details (int id = 0)
{
  Movie Movie = db. Movies.find (ID);
  if (movie = = null)
  {return
    httpnotfound ();
  }
  return View (movie);
}

Code-I allows you to easily use the Find method to search for data. An important security feature is built into the method. Method first verifies that the Find method has found a movie and then executes other code. For example, a hacker can change http://localhost:xxxx/Movies/Details/1 to http://localhost:xxxx/Movies/Details/12345 (or some other value that does not represent the actual movie's value), causing the link URL to appear incorrectly. If you do not detect if movie is found, null movie can cause data errors.

View the Delete and Deleteconfirmed methods.

Get:/MOVIES/DELETE/5 public
 
actionresult Delete (int id = 0)
{
  Movie Movie = db. Movies.find (ID);
  if (movie = = null)
  {return
    httpnotfound ();
  }
  return View (movie);
}
//POST:/MOVIES/DELETE/5
 
[HttpPost, ActionName ("Delete")] public
ActionResult deleteconfirmed ( int id = 0)
{
  Movie Movie = db. Movies.find (ID);
  if (movie = = null)
  {return
    httpnotfound ();
  }
  Db. Movies.remove (movie);
  Db. SaveChanges ();
  Return redirecttoaction ("Index");
}

Note that the HTTP GET method of the delete does not delete the specified movie, it returns a view of the deleted movie that you can submit (HttpPost) to delete the movie in this view. If you use a GET request to perform a delete operation (or perform an edit operation, create an operation or change any other operation of the data), a security vulnerability is opened. For more information on this, see Stephen · Walter's blog asp.net MVC Tip #46-don ' t use the Delete Links because they create security holes.

The HttpPost method that deletes the data is named the Deleteconfirmed method of the unique signature or name. The signatures of the two methods are as follows:

Get:/MOVIES/DELETE/5 public
actionresult Delete (int id = 0)
 
///
POST:/MOVIES/DELETE/5
[HttpPost, ActionName ("Delete")] public
actionresult deleteconfirmed (int id = 0)

When the common language runtime (CLR) Overloads a method, you need the method to have a uniquely unique signature (with the same method name but a different argument list). However, here you need two removal methods-a Get method and a post method that all have the same signature. (They all need to accept an integer as an argument).

There are several ways to address this. One is to use a different method name. This is the method that the framework code uses in the previous example. However, this poses a small problem: asp.net maps part of the URL to an action method by name, and if you rename the method, routing will not find the method. The workaround is that you see in the example, add the ActionName ("Delete") property to the Deleteconfirmed method. This effectively executes the URL mapping of the routing system, such that a URL containing the /delete/ POST request will find the Deleteconfirmed method.

Another common way to avoid methods with the same name and signature is to artificially change the post method, including signatures that do not use parameters. For example, some developers add parameter types Formcollection,formcollection are passed to the POST method, and then do not use this parameter at all:

Public ActionResult Delete (formcollection fcnotused, int id = 0)
{
  Movie Movie = db. Movies.find (ID);
  if (movie = = null)
  {return
    httpnotfound ();
  }
  Db. Movies.remove (movie);
  Db. SaveChanges ();
  Return redirecttoaction ("Index");
}

You now have a complete asp.net MVC application and store the data in a local DB database. You can create, read, update, delete, and search movies.

If you want to deploy your application, it's a good idea to test your application on your local IIS 7 server first. You can use this Web Platform Installer link to enable settings for the ASP.net application of the IIS server. See the deployment links below:

· Test your asp.net MVC or WebForms application on IIS 7 in seconds

· asp.net deployment Content Map

· Enabling IIS 7.x

· WEB Application Projects Deployment

Now encourages you to start learning intermediate content Creating an Entity Framework Data Model for a asp.net MVC application and MVC Music Store tutorial, browse asp.net a Rticles on MSDN, and look at a lot of videos and resources: Http://asp.net/mvc to learn more about asp.net MVC! The ASP.net MVC Forums forum is a good place to ask questions you want to know.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.