예제 #1
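        /// <summary>
        /// Handles the posted edit form: loads the Class1 row whose SomeId equals
        /// <paramref name="id"/>, binds the request values onto it (everything except Name)
        /// and saves the result.
        /// </summary>
        /// <param name="id">SomeId of the row being edited.</param>
        /// <returns>
        /// A redirect to action "E" after a successful save, a 404 result when no row matches
        /// <paramref name="id"/>, or the edit view with the model when validation fails.
        /// </returns>
        /// <remarks>
        /// NOTE(review): no [HttpPost] / [ValidateAntiForgeryToken] / [Authorize] attributes are
        /// visible in this listing; confirm the action is restricted to authenticated,
        /// token-protected POST requests where it is declared.
        /// </remarks>
        public ActionResult Edit_Post(int id) // lesson 21 wanted to use ([Bind(exclude="Name")]Class1 class1) but must omit [required] in model which would change expected create behaviour // before lesson 20 (Class1 class1)
        {
            /*
             * lesson 22 isn't needed because IClass1 interface and Bind would still need to omit [required] in model *same as lesson 21
             */

            // NOTE(review): this context is never disposed. It is deliberately left open here because
            // the validation-failure path hands class1 to the view, which renders after the action
            // returns; if Class1 has lazily loaded members, disposing first would break that render.
            // Confirm the controller disposes it elsewhere.
            Class1Context class1Context = new Class1Context();

            /*
             * added at lesson 20
             */
            // SingleOrDefault rather than Single: an id that matches no row is a client error and
            // should produce a 404, not an unhandled InvalidOperationException.
            Class1 class1 = class1Context.Class1S.SingleOrDefault(e => e.SomeId == id);
            if (class1 == null)
            {
                return HttpNotFound();
            }

            // TryUpdateModel rather than UpdateModel: UpdateModel throws when binding or validation
            // fails, which made the "return View(class1)" branch below unreachable for invalid input.
            //
            // The last argument is excludeProperties, i.e. a deny-list: every other bindable property
            // of Class1 can be set from the request, including any property added to the model later.
            // NOTE(review): prefer the includeProperties argument (an allow-list) once the full set of
            // editable Class1 properties is confirmed.
            TryUpdateModel(class1, null, null, new[] { "name" });// take note that it is case insensitive

            if (ModelState.IsValid)
            {
                /*
                 * Moved up at lesson 20
                 * Class1Context class1Context = new Class1Context();
                 */

                // class1 was loaded from this same context, so it is presumably already tracked and
                // SaveChanges alone would persist it; AddOrUpdate is kept as the lesson wrote it.
                class1Context.Class1S.AddOrUpdate(class1);
                class1Context.SaveChanges();

                return RedirectToAction("E");
            }

            // Validation failed: show the form again with the model and the ModelState errors.
            return View(class1);
        }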
예제 #2
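        /// <summary>
        /// Deletes the Class1 row whose SomeId equals <paramref name="id"/>.
        /// </summary>
        /// <param name="id">SomeId of the row to delete.</param>
        /// <returns>
        /// A redirect to action "E" after the row is removed, or a 404 result when no row
        /// matches <paramref name="id"/>.
        /// </returns>
        /// <remarks>
        /// NOTE(review): this is a destructive, state-changing action and no [HttpPost] /
        /// [ValidateAntiForgeryToken] / [Authorize] attributes are visible in this listing;
        /// confirm they are present where the action is declared, and that the caller is
        /// allowed to delete this particular row.
        /// </remarks>
        public ActionResult Delete_Post(int id)
        {
            // The action only redirects, so nothing needs the context after SaveChanges;
            // dispose it deterministically instead of leaving it to the finalizer.
            using (Class1Context class1Context = new Class1Context())
            {
                // SingleOrDefault rather than Single: an id that matches no row (already deleted,
                // or a tampered value) should produce a 404, not an unhandled exception.
                Class1 class1 = class1Context.Class1S.SingleOrDefault(e => e.SomeId == id);
                if (class1 == null)
                {
                    return HttpNotFound();
                }

                class1Context.Class1S.Remove(class1);
                class1Context.SaveChanges();
            }

            return RedirectToAction("E");
        }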
예제 #3
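        /// <summary>
        /// Handles the posted create form: binds the request onto a new Class1, replaces its Name
        /// with an HTML-encoded copy in which only the b and u tags are restored, and saves it.
        /// </summary>
        /// <param name="name">Raw Name value from the request; treated as untrusted input.</param>
        /// <returns>
        /// A redirect to action "E" after a successful save, or the create view when validation fails.
        /// </returns>
        /// <remarks>
        /// The stored Name is HTML, not plain text: views have to emit it unencoded for the restored
        /// tags to render, so every other write path to Name must apply the same encoding.
        /// NOTE(review): for tags to reach this method at all, ASP.NET request validation is
        /// presumably relaxed for this action (not visible in this listing); confirm it is relaxed
        /// only here and that the anti-forgery token is still validated.
        /// </remarks>
        public ActionResult Create_Post(string name)//lesson 15 at start only (Class1 class1)//lesson 14 (string name, string something) //lesson13 (FormCollection formCollection)
        {
            //for lesson 55 and 56 XSS using name property to prevent non-Replaced tags
            // Encode everything first, then restore an exact-match allow-list of tags. A tag that
            // carries attributes, or is written in upper case, does not match and stays encoded.
            StringBuilder stringBuilder = new StringBuilder();

            stringBuilder.Append(HttpUtility.HtmlEncode(name));
            stringBuilder.Replace("&lt;b&gt;", "<b>");
            stringBuilder.Replace("&lt;/b&gt;", "</b>");
            stringBuilder.Replace("&lt;u&gt;", "<u>");
            stringBuilder.Replace("&lt;/u&gt;", "</u>");

            /*
             * added on lesson 16
             */
            Class1 class1 = new Class1();

            // No include list is passed, so every bindable property of Class1 can be set from the
            // request. NOTE(review): pass an explicit include list once the intended set is confirmed.
            TryUpdateModel(class1);

            /* lesson 15 omitted these
             * Class1 class1 = new Class1();
             * class1.Name = name; //lesson13 version formCollection["Name"];
             * class1.Something = something; //lesson13 version formCollection["Something"];
             */
            /*
             * added on lesson 15
             */
            if (ModelState.IsValid)
            {
                //for lesson 55 and 56 XSS using name property
                // Overwrite the raw Name that TryUpdateModel bound with the encoded version.
                class1.Name = stringBuilder.ToString();

                /*
                 * omitted by lesson 16
                 * Class1 class1 = new Class1();
                 * UpdateModel(class1);*/

                // The action only redirects after saving, so the context can be disposed right away.
                using (Class1Context class1Context = new Class1Context())
                {
                    class1Context.Class1S.Add(class1);
                    class1Context.SaveChanges();
                }

                return RedirectToAction("E");
            }

            // Validation failed: show the form again; field values and errors come from ModelState.
            return View();

            /*
             * before database this one was used to view on same create page
             * foreach (string key in formCollection.AllKeys)
             * {
             *  if (key == "__RequestVerificationToken")
             *      continue;
             *  Response.Write(key + " = ");
             *  Response.Write(formCollection[key]);
             *  Response.Write("<br/>");
             * }
             * return View();
             */
        }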