/// <summary>
/// Handles a submitted comment form: reads the "newComment" and "postId"
/// fields, stores the comment when it is not blank, and redirects to the
/// post's view page.
/// </summary>
/// <param name="collection">Posted form values; both fields are client-controlled.</param>
/// <returns>
/// A redirect to ViewPost/Index for the parsed post id, or the "Error" view
/// (with the caught exception as its model) when anything in the body throws.
/// </returns>
// NOTE(review): no [HttpPost] / [ValidateAntiForgeryToken] attribute is visible on
// this action in this excerpt; confirm both are applied where it is declared.
public ActionResult AddComment(FormCollection collection)
{
    try
    {
        // NOTE(review): the text is stored exactly as submitted; nothing in this
        // action encodes or sanitizes it. Protection against XSS therefore depends
        // on the framework's request validation and on every view HTML-encoding the
        // value on output (for example, never rendering it through Html.Raw).
        // That cannot be verified from this action alone; confirm it in the views.
        var submittedText = collection["newComment"];

        // A missing or non-numeric postId makes int.Parse throw, which is handled
        // by the catch-all below rather than by explicit validation.
        var targetPostId = int.Parse(collection["postId"]);

        // TODO: Add model validation.
        var hasText = !string.IsNullOrWhiteSpace(submittedText);
        if (hasText)
        {
            // Blank submissions are skipped silently; only real text is persisted.
            _dataAccess.AddComment(new BlogComment()
            {
                PostId = targetPostId,
                Comment = submittedText,
                Created = DateTime.Now
            });
        }

        // Same redirect whether or not a comment was stored.
        return(RedirectToAction("Index", "ViewPost", new { id = targetPostId }));
    }
    catch (Exception failure)
    {
        // TODO: Log error
        // NOTE(review): the exception object becomes the Error view's model. If that
        // view renders the message or stack trace, internal details reach the
        // client; verify what the view actually displays.
        return(View("Error", failure));
    }
}