Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I am creating a TextBox using the html helper methods in my View.
@Html.TextBoxFor(m => m.Address, new { @readonly = "readonly" })
I would like this textbox to retain its value when posted, even if a malicious user tries to change it.
I am testing my code in IE, and can easily use the developer tools to remove the attribute “readonly”.
Is there any implementation in MVC3 to retain values for the textboxes when posting? I am trying to avoid going to the database to get the original value.
No, there isn’t. This is not possible. If you have sent the value up to the client you can no longer trust it. As you have already discovered it is trivial for the user to change the value of hidden and readonly fields. So if those values aren’t meant to be modified by the user they should not even be part of the HTML. You should keep them on the server. Well, actually you could display them as readonly fields just for information to the user but when the form is submitted never use this value but use the real value that is stored on your server (maybe in a database or whatever persistent store you are using).