-1

I've problem when the user try to edit the following fields declared in the model :

public DateTime? Fed { get; set; }
public string Feip { get; set; }

Feip contains a IP address.

The view is the following :

@model EBB.Domain.Models.CustomersEditViewModel

@{
    ViewData["Title"] = "Edit";
    Layout = "~/Views/Shared/_Layout.cshtml";
}

<h1>Edit</h1>

<h4>Customers</h4>
<hr />
<div class="row">
    <div class="col-md-4">
        <form asp-action="Edit">
            <div asp-validation-summary="ModelOnly" class="text-danger"></div>
            <input type="hidden" asp-for="item.CustomerId" />
            <div class="form-group">
                <label asp-for="item.Fed" class="control-label"></label>
                <input asp-for="item.Fed" class="form-control" />
                <span asp-validation-for="item.Fed" class="text-danger"></span>
            </div>
            <div class="form-group">
                <label asp-for="item.Feip" class="control-label"></label>
                <input asp-for="item.Feip" class="form-control" />
                <span asp-validation-for="item.Feip" class="text-danger"></span>
            </div>
            <div class="form-group">
                <input type="submit" value="Save" class="btn btn-primary" />
            </div>
        </form>
    </div>
</div>

<div>
    <a asp-action="Index">Back to List</a>
</div>

@section Scripts {
    @{await Html.RenderPartialAsync("_ValidationScriptsPartial");}
}

The controller is the following :

    // GET: Customers/Edit/5
    public async Task<IActionResult> Edit(decimal? id)
    {
        if (id == null)
        {
            return NotFound();
        }

        var customers = await _context.Customers.FindAsync(id);
        if (customers == null)
        {
            return NotFound();
        }
        CustomersEditViewModel model = new CustomersEditViewModel();
        model.item = customers;
        return View(model);
    }

    // POST: Customers/Edit/5
    // To protect from overposting attacks, please enable the specific properties you want to bind to, for 
    // more details see http://go.microsoft.com/fwlink/?LinkId=317598.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Edit(decimal id,CustomersEditViewModel editViewModel)
    {
        if (id != editViewModel.item.CustomerId)
        {
            return NotFound();
        }

        if (ModelState.IsValid)
        {
            try
            {
                _context.Update(editViewModel.item);
                await _context.SaveChangesAsync();
            }
            catch (DbUpdateConcurrencyException)
            {
                if (!CustomersExists(editViewModel.item.CustomerId))
                {
                    return NotFound();
                }
                else
                {
                    throw;
                }
            }
            return RedirectToAction(nameof(Index));
        }
        CustomersEditViewModel model = new CustomersEditViewModel();
        model.item = editViewModel.item;
        return View(model);
    }

The user try to do the changes in the standard edit razor view form and when change the field and save the change won't be applied.

Can someone help me please?

Simone

Simone Spagna
  • 626
  • 7
  • 27

1 Answers1

1

When you do not specify a method in a form, the browser defaults to the default method of a form, which is GET.

After a user submits your form, the browser performs a GET request to the /Customers/Edit/5 endpoint. ASP.NET MVC redirects this request to the public async Task<IActionResult> Edit(decimal? id) action in your controller.

Specifying the method in the HTML form solves your problem. <form asp-action="Edit" method="post">

When you specify the [HttpGet] attribute on the Edit(decimal? id) action, the framework will prevent performing a POST request to this action. This will help you to prevent this kind of issues in the future.

L01NL
  • 1,753
  • 1
  • 13
  • 17