ansaurus

Question

Why is the Edit code in my ASP.NET MVC application not working?

Answer 1

A:

Try changing the name of your text box from CompanyID to companyToEdit.CompanyID. Also make sure these fields are enclosed within a form (i.e., using Html.BeginForm).

David Andres 2009-09-06 06:09:21

The code works fine when I have CompanyID on the view page, the problem starts when I take that away, since I don't want the users to be touching the ID. Thanks for your fast response.

Geo 2009-09-06 06:22:20

If you need the ID, but don't want to expose it to users, then you can always add a hidden input variable via Html.Hidden.

David Andres 2009-09-06 06:25:14

Yes, but then any knowledgeable user is able to edit any other row by changing the value of the hidden field. right?

Geo 2009-09-06 06:26:21

How are they going to change it? It's not visible to them. They'll have enough information (via View Source) to do a web request completely outside of the page, but that's a different issue altogether.

David Andres 2009-09-06 06:28:13

@Geo You use a Guid then that problem is solved. Have you tried removed the (int id) part of Edit? And is the Id field readonly or does it have a setter

Chris S 2009-09-07 17:50:42

Even a GUID won't help, because a user could exchange one guid for another by looking at the source of the page, using some tool like FireBug to swap the values of fields, and then post the page. It's very hacky, and I don't believe that there is a way around this other than using server-side caching of the entire set of data. This introduces its own issues, of course.

David Andres 2009-09-07 18:23:01

Answer 2

A:

you must have the id field on the edit form so just put it like this

<%=Html.Hidden("CompanyID",Model.CompanyID) %>

Omu 2009-09-06 16:02:46

The OP wants the ID to not be written to the page in any form.

David Andres 2009-09-06 16:12:01

Answer 3

A:

you can store the id in the Session on the Edit (get) method and put it back in the Company object on the Edit (post) method

Omu 2009-09-07 17:32:04

What happens if they have multiple tabs editing multiple companies?

mxmissile 2009-09-07 17:43:01

I guess he could store a collection of "possible" id's in the session, then validate that on Post.

mxmissile 2009-09-07 17:56:02

you can put the id of the session in a html.hidden after that you receive the value from hidden field and get the id from the session

Omu 2009-09-08 08:25:53

and of course you can encode the id and put it in a html.hidden, but this is a form of showing the id in source of the page, somebody might click view source, copy the hash value and use it in the future

Omu 2009-09-08 08:29:01

Answer 4

A:

The obvious solution to the ID guessing you have suggested in the comments is to add another field to the Model called Key or similar, and make it a Guid, e.g.

public class User
{
    public int Id {get;set;}
    public Guid Key {get;set;}
}

You can then use this as a hidden field inside your View. You would benefit from making this an indexed column in the database (ideally you would make this the none-clustered primary key, and ditch the int for the Id field).

Then your view:

<%=Html.Hidden("Key",Model.Key) %>

Should automatically fill the parameter of the Controller method when it posts. If it doesn't then there may be a form tag issue.

Chris S 2009-09-07 18:08:21

Answer 5

A:

The variable name should match the textbox object name which is CompanyID or use request,form("CompanyID")

RK 2009-09-15 01:16:27

ansaurus

tags:

views:

answers:

Why is the Edit code in my ASP.NET MVC application not working?

related questions