MVC中的HttpPost vs HttpGet属性:为什么要使用HttpPost?
[英]HttpPost vs HttpGet attributes in MVC: Why use HttpPost?
问题描述
So we have [HttpPost], which is an optional attribute. 
所以我们有[HttpPost],它是一个可选属性。 I understand this restricts the call so it can only be made by an HTTP POST request. 据我所知,这会限制调用,因此只能通过HTTP POST请求进行调用。 My question is why would I want to do this? 我的问题是为什么我要这样做?
4 个解决方案
解决方案1
57 已采纳 2011-03-16 21:54:01
Imagine the following: 想象一下:
[HttpGet]
public ActionResult Edit(int id) { ... }
[HttpPost]
public ActionResult Edit(MyEditViewModel myEditViewModel) { ... }
This wouldn't be possible unless the ActionMethodSelectorAttributes HttpGet and HttpPost where used. 除非使用了ActionMethodSelectorAttributes HttpGet和HttpPost ,否则这是不可能的。 This makes it really simple to create an edit view. 这使得创建编辑视图变得非常简单。 All the action links just points right back to the controller. 所有动作链接都只是指向控制器。 If the view model validates false, you just pop right back to the edit view again. 如果视图模型验证为false,则只需再次弹回编辑视图。
I will be bold and say this is best practice when it comes to CRUDish things in ASP.NET MVC. 我将大胆地说,这是ASP.NET MVC中CRUDish的最佳实践。
EDIT: 编辑:
@TheLight asked what was needed in the view to accomplish the post. @TheLight询问视图中需要什么来完成这个帖子。 It's simply just a form with method POST. 它只是一个方法POST的表单。
Using Razor, this would look something like this. 使用Razor,这看起来像这样。
@using (Html.BeginForm())
{
<input type="text" placeholder="Enter email" name="email" />
<input type="submit" value="Sign Up" />
}
This renders the following HTML: 这将呈现以下HTML:
<form action="/MyController/Edit" method="post">
<input type="text" name="email" placeholder="Enter email">
<input type="submit" value="Sign Up">
</form>
When the form is submitted, it will perform an Http Post request to the controller. 提交表单时,它将向控制器执行Http Post请求。 The action with the HttpPost attribute will handle the request. 具有HttpPost属性的操作将处理该请求。
解决方案2
9 2011-03-16 21:57:19
Its so you can have multiple Actions that use the same name, you can use the HttpPost attribute to mark which method gets handled on a Post request like so: 因此,您可以使用多个使用相同名称的Actions,您可以使用HttpPost属性来标记在Post请求上处理哪个方法,如下所示:
public ActionResult ContactUs()
{
return View();
}
[HttpPost]
public ActionResult ContactUs(ContactUsModel model)
{
//do something with model
return View();
}
解决方案3
9 2012-03-20 20:41:16
As far as best practices for HttpGet and HttpPost, it is good practice in any web development to use HttpPost for Creates, Updates, and Deletes (data modification). 对于HttpGet和HttpPost的最佳实践,在任何Web开发中使用HttpPost进行创建,更新和删除(数据修改)都是很好的做法。 Post are good, because they require a form submission, which prevents users from clicking poisoned links(eg [ https://www.mysite.com/Delete/1] ) in emails, social sites, etc. and changing data inadvertently. 帖子很好,因为它们需要提交表单,以防止用户在电子邮件,社交网站等中点击有毒链接(例如[ https://www.mysite.com/Delete/1] )并无意中更改数据。 If you are basically just Reading data HttpGet works great. 如果你基本上只是阅读数据HttpGet工作得很好。
See OWASP for more in-depth security considerations and why the validation token increases security. 有关更深入的安全性考虑因素以及验证令牌提高安全性的原因,请参阅OWASP 。
解决方案4
2 2011-03-16 21:53:57
This is mainly so that you can have two Actions with the same name, one which is used on GETs and perhaps displays a form for user entry and the other being used on POSTs when the user submits the form displayed by the original GET. 这主要是为了使您可以拥有两个具有相同名称的动作,一个用于GET并且可能显示用于用户输入的表单,另一个用于在用户提交原始GET显示的表单时在POST上使用。 If the Actions are not differentiated in this way, an error will occur due to being unable to resolve which Action is intended to handle the request. 如果不以这种方式区分操作,则由于无法解析哪个Action旨在处理请求而发生错误。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.