updatemodel | 易学教程

ASP.NET MVC UpdateModel vulnerable to hacking?

阅读更多关于 ASP.NET MVC UpdateModel vulnerable to hacking?

问题 I have an ASP.NET MVC application that is calendar-like. As per the NerdDinner example, I'm updating the results of my edit page using UpdateMethod() In my app, certain events are fully customizable and certain ones are only partially customizable. Even though the edit form for editing the partially customizable events only have those fields available, obviously someone could create their own form with the missing data and post to my site. If they do so, what's to keep someone from changing

Is the Rails update_attributes method the best choice for doing an update of a model in the database?

阅读更多关于 Is the Rails update_attributes method the best choice for doing an update of a model in the database?

问题 def update @album = Album.find(params[:id]) if @album.update_attributes(params[:album]) redirect_to(:action=>'list') else render(:action=>'edit') end end A Rails 1.1.6 tutorial that I'm covering recommends using the update_attributes method for updating a model, as in the example code from my controller listed above. Looking at the Rails documentation I'm wondering why the update method would not have been preferred, especially since it is named so logically. 回答1: Update takes an object id

Calling UpdateModel with a collection of complex data types reset all non-bound values?

阅读更多关于 Calling UpdateModel with a collection of complex data types reset all non-bound values?

I'm not sure if this is a bug in the DefaultModelBinder class or what. But UpdateModel usually doesn't change any values of the model except the ones it found a match for. Take a look at the following: [AcceptVerbs(HttpVerbs.Post)] public ViewResult Edit(List<int> Ids) { // Load list of persons from the database List<Person> people = GetFromDatabase(Ids); // shouldn't this update only the Name & Age properties of each Person object // in the collection and leave the rest of the properties (e.g. Id, Address) // with their original value (whatever they were when retrieved from the db)

ASP.NET MVC 2 problem with UpdateModel

阅读更多关于 ASP.NET MVC 2 problem with UpdateModel

问题 I'm trying to use updatemodel(myItem, formcollection) with asp.net mvc 2 but it fails with the stack trace below. at System.Web.Mvc.FormCollection.GetValue(String name) at System.Web.Mvc.DefaultModelBinder.BindModel(ControllerContext controllerContext, ModelBindingContext bindingContext) at System.Web.Mvc.Controller.TryUpdateModel[TModel](TModel model, String prefix, String[] includeProperties, String[] excludeProperties, IValueProvider valueProvider) at System.Web.Mvc.Controller