问题描述
我正在开发一个asp.net mvc应用程序.
I am working on an asp.net mvc application.
这是我在应用程序中一直遵循的方法.
This is the approach that i am following right through the application.
这是我的模特:
public class EmployeeModel
{
//Properties
// Constructors
// Methods
}
我的视图:(使用模型属性强烈键入),例如:Some Edit View
My View: (strongly typed with model Properties) for example : Some Edit View
我的控制器:
[httppost]
public void save(Employeemodel m) // ajax call that gets updated model details
{
m.update() // making database call from controller action
}
我的MVC方法是否存在任何严重的设计问题.可能是我误解了MVC吗?
Are there any serious design issues with my approach of MVC. May be i mis understood MVC?
在控制器动作中调用模型方法(m.update())是否合适?
Is it appropriate to call model methods(m.update() ) in controller action?
模型包含操作数据的方法?正确吗?
Model contains methods that manipulate data ? IS it correct?
请帮助/建议在MVC中遵循的正确方法
please help/suggest the correct approach to follow in MVC
推荐答案
通常,您现在应该遵循这种方法.尽管这是接受整个模型作为参数的默认MVC行为,但是您应该有一个中间层,称为DTO(Data Transfer Object)或代表UI的ViewModel.在接受并验证View模型后,您可以将其转换为您的主要业务实体.当然,这取决于您如何在更新方法中编写代码,但是这种情况的主要破解方法是....任何主体都可以将任何已知的属性值传递给此方法,并且可以入侵您的系统.例如,假设您在 Employeemodel 中具有以下值{ID,名称,安全码,...}
In general practice you should now follow this methodology.Although this is the default MVC behavior of accepting entire model as an argument you should have a middle layer called as DTO(Data Transfer Object) or ViewModel which represents UI.And after accepting and validating View model you can transform it to your main business entity.Offcouse it depends how you have written code in your update method but the main hack is this case is that.... any body can pass any known property value to this method and can hack your system. for example suppose you have following values in your Employeemodel{ Id, Name, SecurityCode, ...}
,您的编辑屏幕只需输入名称即可进行更新.任何机构都可以为SecurityCode添加额外的html并为其添加错误的值:)我希望我不要让你感到困惑.首先,尝试实现Repository pattern MVC ... Google,您将找到它的基本用法.:)
and your edit screen just have Name input to update it. Any body can add extra html for SecurityCode and can add bad value to it :)I hope i didn't confused you.For start try to implement Repository pattern MVC... Google it and you'll find the basic usage of it. :)
欢呼
这篇关于如何在ASP.NET MVC中的控制器中调用模型方法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!