有什么作用[绑定(不包括=" ALBUMID")注释的数据验证?什么是脚手架是什么意思? [英] What is the role of [Bind(Exclude = "AlbumId")] annotation in data validation? What does scaffolding mean?
问题描述
我按照这个教程: HTTP ://www.asp.net/mvc/tutorials/mvc-music-store/mvc-music-store-part-6
当谈到表单验证笔者说,绑定anntoations用于:
列出字段以排除或包括在绑定参数或表单值模型属性
这是有点胡言乱语,我 - 我不明白这一点。这是什么实际上意味着? 也许问题就是两个字支架具有在字典中的意思是没有任何联系。
什么是结果: [绑定(不包括=ALBUMID)] ,什么是打字的感觉: [ScaffoldColumn(假)] - 列不是默认,为什么说了一遍隐藏
命名空间MvcMusicStore.Models
{
[绑定(不包括=ALBUMID)
公共类专辑
{
[ScaffoldColumn(假)]
公众诠释ALBUMID {获得;组; }
[显示名称(体裁)
公众诠释GenreId {获得;组; }
[DisplayName的(艺术家)
公众诠释ArtistId {获得;组; }
[必需的(的ErrorMessage =相册标题是必需的)
[StringLength(160)]
公共字符串名称{获取;组; }
[必需的(的ErrorMessage =价格是必需的)
[范围(0.01,100.00,
的ErrorMessage =价格必须是0.01和100.00之间)
公共十进制价格{获得;组; }
[DisplayName的(专辑封面URL)
[StringLength(1024)]
公共字符串AlbumArtUrl {获得;组; }
公共虚拟体裁类型{获取;组; }
公共虚拟艺术家艺术家{获得;组; }
}
}
脚手架
有关它的价值我一直建立在ASP.NET MVC之上的应用程序,现在并没有超过两年有一次我曾经使用过 ScaffoldColumn 属性。而要真正回答你的问题的属性是用来告诉框架,如果该字段应该是可见的。
举个例子,如果你使用 @ Html.EditorForModel()(这个方法做了一些神奇的引擎盖下,并建立了表单输入你的模特属性),那么你视图将的没有的包含输入,列标有虚假的 ScaffoldColumn 属性。它本质上是一个快捷方式告诉框架不使场要被编辑时,它建立了图。再次,我从来没有使用 EditorForModel ,因为我建立了我的形式由专人为每路输入,因为我想更精细的控制。
绑定
在绑定属性是用来告诉框架,如果你想允许属性绑定到将数据发送到服务器(这更是一项安全功能时, )。
考虑这个动作:
[HttpPost]
公众的ActionResult DontSendMeTooMuchData(员工员工){
db.Employees.Update(员工);
}
假设员工物体看起来是这样的:
公共类Employee {
公共字符串名字{获得;组; }
公共字符串名字{获得;组; }
公共字符串为socialSecurityNumber {获得;组; }
}
现在假设我送发送了数据的HTTP POST请求:
姓=贾斯汀
&功放;姓氏= Helgerson
&功放;为socialSecurityNumber = YouShouldntLetMeUpdateThis
您刚刚更新了我的社会安全号码!坏消息熊。你如何阻止它?
[绑定(不包括=socialSecurityNumber的)
公共类Employee {
公共字符串名字{获得;组; }
公共字符串名字{获得;组; }
公共字符串为socialSecurityNumber {获得;组; }
}
现在,当执行 DontSendMeTooMuchData 方法和ASP.NET MVC模型是否结合,给你一个员工从HTTP请求对象,在 socialSecurityNumber的属性将永远不会被从请求数据填充。
再次,这是我在我的应用程序从不使用属性。还有另一种方法来解决这个问题,有其它的好处。为了怕这个答案变得太长,解决问题的方法是使用的不同的的模型,视图和数据库。我从来没有让我的数据库对象打我的看法。相反,我建立一个类专为仅包含属性我想用户提供查看使用。
I follow this tutorial: http://www.asp.net/mvc/tutorials/mvc-music-store/mvc-music-store-part-6
When talking about form validation author says that Bind anntoations is used to:
Lists fields to exclude or include when binding parameter or form values to model properties
It is little bit gibberish to me - I don't get it. What does it actually mean? Maybe the problem is the word scaffold which has to meanings in dictionary that don't have any connection to IT.
What is the result of: [Bind(Exclude = "AlbumId")] and what is the sense of typing: [ScaffoldColumn(false)] - the column is not hidden by default, why to say it again.
namespace MvcMusicStore.Models
{
[Bind(Exclude = "AlbumId")]
public class Album
{
[ScaffoldColumn(false)]
public int AlbumId { get; set; }
[DisplayName("Genre")]
public int GenreId { get; set; }
[DisplayName("Artist")]
public int ArtistId { get; set; }
[Required(ErrorMessage = "An Album Title is required")]
[StringLength(160)]
public string Title { get; set; }
[Required(ErrorMessage = "Price is required")]
[Range(0.01, 100.00,
ErrorMessage = "Price must be between 0.01 and 100.00")]
public decimal Price { get; set; }
[DisplayName("Album Art URL")]
[StringLength(1024)]
public string AlbumArtUrl { get; set; }
public virtual Genre Genre { get; set; }
public virtual Artist Artist { get; set; }
}
}
Scaffold
For what it's worth I've been building apps on top of ASP.NET MVC for over two years now and not once have I ever used the ScaffoldColumn attribute. However, to actually answer your question the attribute is used to tell the framework if the field should be visible.
As an example, if you used @Html.EditorForModel() (this method does some magic under the hood and builds out form inputs for your model properties) then your view will not contain inputs for the columns marked false in the ScaffoldColumn attribute. It's essentially a shortcut to tell the framework not to allow the field to be edited when it builds out the view. Again, I never use EditorForModel because I build out my forms by hand for each input because I want more granular control.
Bind
The Bind attribute is used to tell the framework if you want to allow the property to be bound to when sending data to the server (this is more of a security feature).
Consider this action:
[HttpPost]
public ActionResult DontSendMeTooMuchData(Employee employee) {
db.Employees.Update(employee);
}
Suppose the Employee object looks like this:
public class Employee {
public string FirstName { get; set; }
public string LastName { get; set; }
public string SocialSecurityNumber { get; set; }
}
Now suppose I send an HTTP POST request that sends up data:
FirstName=Justin
&LastName=Helgerson
&SocialSecurityNumber=YouShouldntLetMeUpdateThis
You've just updated my social security number! Bad news bears. How do you stop it?
[Bind(Exclude = "SocialSecurityNumber")]
public class Employee {
public string FirstName { get; set; }
public string LastName { get; set; }
public string SocialSecurityNumber { get; set; }
}
Now when the DontSendMeTooMuchData method is executed and ASP.NET MVC does the model binding to give you an Employee object from the HTTP request, the SocialSecurityNumber property will never be populated from the request data.
Again, this is an attribute that I never use in my applications. There is another way to solve this problem that has other benefits. For fear of this answer becoming too long, the way to solve the problem is to use different models for your view and your database. I never let my database objects hit my view. Instead I build a class specifically for use in the view which only contains the properties I want the user to provide.
这篇关于有什么作用[绑定(不包括=" ALBUMID")注释的数据验证?什么是脚手架是什么意思?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
