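// The [ValidateAntiForgeryToken] attribute is used to block forged cross-site requests; it works together with
// @Html.AntiForgeryToken() in the form. Creating, updating or deleting data must be protected against CSRF.
// The attribute checks whether the request sent to the server has been tampered with. Note: it only applies
// to POST requests and has no effect on GET requests.
// NOTE(review): no [HttpPost] / [ValidateAntiForgeryToken] attribute is visible above this action in this
// excerpt - confirm both are actually applied, since the action changes stored data.
/// <summary>
/// Saves an edited goods record and, when a new image is uploaded in the "GoodsImage" form field,
/// stores the image under /Images/goods/ and records its relative URL on the entity.
/// </summary>
/// <param name="goods">The goods entity bound from the posted form.</param>
/// <returns>
/// A redirect to "Index" after a successful save; otherwise the edit view re-rendered with the
/// submitted values and the category list.
/// </returns>
public ActionResult GoodsEdit(Goods goods)
{
    // [Bind(Include = "Goods_id,GoodsName,GoodsImage,GoodsJianjie,GoodsDetails,AddTime,Price,Count,GoodsK_id")]
    // The Bind attribute restricts which form values the model binder accepts when the form is submitted.
    // It is an important safeguard against over-posting (binding fields the form never meant to expose).
    // NOTE(review): the Bind line above is commented out, so no property allow-list is visible on this
    // parameter - confirm that every bindable property of Goods is meant to be editable from this form.
    if (ModelState.IsValid)
    {
        bool uploadAccepted = true;
        HttpPostedFileBase postimage1 = Request.Files["GoodsImage"];

        // When no file is chosen the upload field still arrives as an empty part, so an empty upload
        // means "keep the current image" rather than "save a file with an empty name".
        if (postimage1 != null && postimage1.ContentLength > 0)
        {
            // The client controls FileName completely. Keep only the last path segment, whichever
            // separator was used, so the name cannot point outside the target folder.
            string submittedName = postimage1.FileName ?? string.Empty;
            string filename = submittedName.Substring(submittedName.LastIndexOfAny(new[] { '\\', '/' }) + 1);

            bool nameIsSafe = filename.Length > 0
                && filename.IndexOfAny(System.IO.Path.GetInvalidFileNameChars()) < 0;
            string extension = nameIsSafe ? System.IO.Path.GetExtension(filename) : string.Empty;

            // Allow-list of image extensions: the folder is served by the web server, so script or
            // executable extensions must never be written into it. Adjust the list to the formats in use.
            string[] allowedExtensions = { ".jpg", ".jpeg", ".png", ".gif" };
            bool extensionAllowed = false;
            foreach (string allowed in allowedExtensions)
            {
                if (string.Equals(extension, allowed, System.StringComparison.OrdinalIgnoreCase))
                {
                    extensionAllowed = true;
                    break;
                }
            }

            if (extensionAllowed)
            {
                // NOTE(review): the extension check does not verify the file content, and a same-named
                // upload replaces the existing file; consider server-generated names and disabling
                // script execution for this folder.
                string serverpath = System.IO.Path.Combine(Server.MapPath(@"\Images\goods\"), filename);
                string relativepath = @"/Images/goods/" + filename;
                postimage1.SaveAs(serverpath);
                goods.GoodsImage = relativepath;
            }
            else
            {
                uploadAccepted = false;
                ModelState.AddModelError("GoodsImage", "Only .jpg, .jpeg, .png and .gif image files are accepted.");
            }
        }

        if (uploadAccepted)
        {
            // NOTE(review): SaveChanges runs before EditGoods and nothing in this method attaches
            // 'goods' to db - confirm whether this call is still needed.
            db.SaveChanges();
            goodsmanager.EditGoods(goods);
            return RedirectToAction("Index");
        }
    }

    // Validation failed or the upload was rejected: rebuild the category drop-down and show the form again.
    ViewBag.GoodsK_id = new SelectList(db.GoodsK, "GoodsK_id", "GoodsKName", goods.GoodsK_id);
    return View(goods);
}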
// NOTE(review): no [HttpPost] / [ValidateAntiForgeryToken] attribute and no authorization check are visible
// on this action in this excerpt, and model.Id comes straight from the request - confirm these are handled.
/// <summary>
/// Forwards the edited values of a good to the goods manager and returns to the goods list.
/// </summary>
/// <param name="model">Posted view model; its Id, Name, ImgsUrl, Price and PriceOld are passed on.</param>
/// <returns>
/// A redirect to "GoodsList" when the model state is valid; otherwise the edit view re-rendered
/// with the submitted model.
/// </returns>
public async Task<ActionResult> EditGood(CreateGoodViewModel model)
{
    // Guard clause: show the form again when validation failed.
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    IBLL.IGoodsManager manager = new GoodsManager();
    await manager.EditGoods(model.Id, model.Name, model.ImgsUrl, model.Price, model.PriceOld);

    return RedirectToAction("GoodsList");
}