As I review more code and blog posts from lots of MVC sources, I still haven’t wrapped my mind around what is “posted” when a request is made. I realize MVC doesn’t support post, but I’m having trouble finding resources that can explain it well enough to understand.
Inside the controller’s public ActionResult nameOfAction(what the heck goes here?) { ... } what are my parameters?
Sometimes it looks like Visual Studio scaffolds (int id, MyObject myobject) for an Edit-style action–it includes something from my model, but not always.
Sometimes, it’s (int id, FormCollection collection) for a delete-style action. Why not use the modeled object here? Is a FormCollection object always “posted”?
Sometimes, I see (RouteInfo routeInfo) which isn’t recognized in my MVC2 Intellisense (is this MVC1 only or something?)
How can/do/should I establish these parameters? I think this will help me a lot at design time.
What gets post back from a form in MVC is the form data which includes each form element in a keyvalue pair.
If you only need this information then you would use:
MVC has some smart data model binding which takes the form data and automatically creates an object which is part of you domain model. For instance it could automatically create a Person object with the provided form data.
I believe there is a security concern with this as a user of your site may post data which is not part of your form and guess what your models are to inject their own data.
I dont think this is a massive issue though and this is the way I would go.
I think you can use the anti-forgery helper to prevent users from posting back data which is not allowed in a form. anti-forgery