public ActionResult AddComment(FormCollection collection)
{
// NOTE: XSS is automatically taken care of by MVC.
try
{
var comment = collection["newComment"];
var id = int.Parse(collection["postId"]);
// TODO: Add model validation.
if (!string.IsNullOrWhiteSpace(comment))
{
var blogComment = new BlogComment()
{
PostId = id,
Comment = comment,
Created = DateTime.Now
};
_dataAccess.AddComment(blogComment);
}
return(RedirectToAction("Index", "ViewPost", new { id = id }));
}
catch (Exception ex)
{
// TODO: Log error
return(View("Error", ex));
}
}