发表新帖

发表新帖

Attribute [Bind(Exclude=“”)] fails to prevent over-posting

前端未结

关注

 2  1400

遇见更好的自我 2021-01-01 04:31

What is the best way to prevent MVC 4 over-posting?

According to MS sources, the [Bind] attribute is supposed to be the easiest way to prevent over-posting by preven

2条回答

一个人的身影 (楼主)

2021-01-01 05:19
If you revert back to manuel model binding, you should not have any problems. If you do not place an input for "IsAdmin" your model will retain its original value. This adds a few lines of extra code but saves a lot of time by not generating not maintaining ViewModels.
```
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Edit(Guid id, FormCollection collection)
{
    var user = db.Users.Find(id);
    if (user != null)
        TryUpdateModel(user);
    else
        return HttpNotFound();
    if (ModelState.IsValid)
    {
        db.SaveChanges();
        return RedirectToAction("Index");
    }
    return View(user);
}
```
0 讨论(0)

查看其它2个回答
发布评论:

提交评论
- 加载中...

热议问题