/// <summary>
/// Creates a new movie or updates an existing one from the posted form data.
/// </summary>
/// <param name="movie">The model-bound movie; an <c>Id</c> of 0 means "create".</param>
/// <returns>
/// The "MovieForm" view (with the genre list reloaded) when model validation fails;
/// otherwise a redirect to the Movies index after the changes are saved.
/// </returns>
public ActionResult Save(Movie movie)
{
    if (!ModelState.IsValid)
    {
        // Redisplay the form with the submitted values so the user can correct them.
        var formModel = new MovieFormViewModel(movie)
        {
            Genres = _MovieRateContext.Genres.ToList()
        };

        return View("MovieForm", formModel);
    }

    if (movie.Id != 0)
    {
        // Update path: load the tracked entity and copy only the fields the form
        // is meant to edit, so other columns cannot be overwritten from the request.
        // Single() throws if no row matches the posted Id.
        var existing = _MovieRateContext.Movies.Single(m => m.Id == movie.Id);

        existing.Name = movie.Name;
        existing.GenreId = movie.GenreId;
        existing.NumberInStock = movie.NumberInStock;
        existing.ReleaseDate = movie.ReleaseDate;
    }
    else
    {
        // Create path: DateAdded is stamped server-side (local server time).
        // NOTE(review): the bound Movie is added as-is, so every bindable property
        // other than DateAdded comes from the request - confirm Movie exposes nothing
        // the form should not be able to set, or bind to a dedicated input model.
        movie.DateAdded = DateTime.Now;
        _MovieRateContext.Movies.Add(movie);
    }

    _MovieRateContext.SaveChanges();

    return RedirectToAction("Index", "Movies");
}
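/// <summary>
/// Creates a new customer or updates an existing one from the posted form data.
/// </summary>
/// <param name="customer">The model-bound customer; an <c>Id</c> of 0 means "create".</param>
/// <returns>
/// The "CustomerForm" view (with membership types reloaded) when model validation fails;
/// a 404 result when the posted Id matches no stored customer;
/// otherwise a redirect to the Customers index after the changes are saved.
/// </returns>
public IActionResult Save(Customer customer)
{
    if (!ModelState.IsValid)
    {
        // Redisplay the form with the submitted values so the user can correct them.
        var viewModel = new CustomerFormViewModel
        {
            Customer = customer,
            MembershipTypes = _MovieRateContext.MemberShipTypes.ToList()
        };

        return View("CustomerForm", viewModel);
    }

    if (customer.Id == 0)
    {
        // NOTE(review): the bound Customer is added as-is, so every bindable property
        // comes from the request - confirm Customer exposes nothing the form should not
        // be able to set, or bind to a dedicated input model.
        _MovieRateContext.Customers.Add(customer);
    }
    else
    {
        // The Id is client-supplied; a tampered or stale value must not surface as an
        // unhandled exception, so a missing row is answered with 404.
        var customerFromDb = _MovieRateContext.Customers.SingleOrDefault(c => c.Id == customer.Id);
        if (customerFromDb == null)
        {
            return NotFound();
        }

        // Copy only the fields this form is allowed to change. Do not call
        // TryUpdateModelAsync(customerFromDb) here: without an explicit property list it
        // binds every posted key onto the tracked entity, so a request with extra form
        // fields could overwrite properties the form never exposes (over-posting).
        customerFromDb.Name = customer.Name;
        customerFromDb.MembershipTypeId = customer.MembershipTypeId;
        customerFromDb.IsSubscribedToNewsletter = customer.IsSubscribedToNewsletter;
        customerFromDb.BirthDate = customer.BirthDate;
    }

    _MovieRateContext.SaveChanges();

    return RedirectToAction("Index", "Customers");
}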