Hello,
today I've got some interesting observation, that I need to explain. I've got my Person
class that is described as above:
public class Person
{
public int Id { get; set; }
public string FirstName { get; set; }
public string LastName { get; set; }
}
now in my MVC2 application I've got PersonController with following edit metod:
public ActionResult Edit(int id)
{
var permission = _service.GetPerson(id);
return View(person);
}
[HttpPost]
public ActionResult Edit(Person person)
{
if (ModelState.IsValid)
{
_service.UpdatePerson(permission);
return RedirectToAction("Index");
}
return View(person);
}
Now on my Edit.aspx
view I have form that contains only FirstName and LastName, but what suprise me when the post is done in my controller the Person
object have an Id setted correctly (which was not part of a form).
Now I guess that it's taken from the rout value of an id parameter, that is send in my action address, but is it save? I mean.. It's nice that I do not have to put hidden field for id, but is there any danger caused by mixing get and post parameters in mvc2?
And one more concern. What if I do put hidden for id. Then it will be sent both ways (get and post), so then.. which id will be used?