ASP.NET MVC 3 (Implementing Edit, Details, and Delete Views) (9/9)

Implementing Edit, Details, and Delete Views

Open the Movie controller and add the following Details method:

public ActionResult Details(int id)  
{ 
    Movie movie = db.Movies.Find(id); 
    if(movie == null) 
        return RedirectToAction("Index"); 
    return View("Details", movie); 
}

The code-first approach makes it easy to search for data using the Find method. An important security feature of this method is that we actually verify that we found a movie. For example, a hacker could introduce errors into the site by changing the URL created by the links from http://localhost:xxxx/Movies/Details/1 to http://localhost:xxxx/Movies/Details/12345. Without the check for a null movie, this could result in a database error.

Right-click inside the Details method and select Add View. For Scaffold template, choose Details.

Run the application and select a Details link.

Implementing an Edit View

Back in the Movie controller, add the following Edit methods:

 public ActionResult Edit(int id)  
{ 
     Movie movie = db.Movies.Find(id); 
     if (movie == null) 
         return RedirectToAction("Index"); 
 
     return View(movie); 
 } 
 
 [HttpPost] 
 public ActionResult Edit(Movie model)  
{ 
     try { 
         var movie = db.Movies.Find(model.ID); 
        
         UpdateModel(movie); 
         db.SaveChanges();    
         return RedirectToAction("Details", new { id = model.ID }); 
     } catch (Exception)  
     { 
         ModelState.AddModelError("", "Edit Failure, see inner exception"); 
     } 
 
     return View(model); 
 }

The first Edit method will be called when a user clicks one of the edit links. If the movie is found, the application will display the movie data in the Edit view. The Edit method marked with [HttpPost] takes a movie object created by the model binder from data posted in the Edit form. The model copier copies the edited data into the movie entry in the database. If any errors occur while the data is being saved to the database, the user is redirected to the Edit view with the data that was posted. Right-click inside the Edit method and select Add View. For Scaffold template, choose Edit.

Run the application, select an Edit link, and try editing some data.

Implementing a Delete View

Add the following Delete methods to the Movie controller.

public ActionResult Delete(int id)  
{ 
    Movie movie = db.Movies.Find(id); 
    if (movie == null) 
        return RedirectToAction("Index"); 
    return View(movie); 
} 
 
[HttpPost] 
public RedirectToRouteResult Delete(int id, FormCollection collection)  
{ 
    Movie movie = db.Movies.Find(id); 
    db.Movies.Remove(movie); 
    db.SaveChanges(); 
 
    return RedirectToAction("Index"); 
}

Note that the Delete method that isn't marked with [HttpPost] does not delete the data. Performing a delete operation in response to a GET request (or for that matter, performing an edit operation, create operation, or any other operation that changes data) opens up a security hole. For more information on this, see Stephen Walther's blog entry ASP.NET MVC Tip #46 — Don't use Delete Links because they create Security Holes.

Right-click inside the Delete method and select Add View. Select the Delete scaffold template.

We now have a complete MVC application that stores data in a SQL Server Express database. We can create, read, update, and delete movies.

This basic tutorial got you started making controllers, associating them with views, and passing around hard-coded data. Then we created and designed a data model. The code-first approach created a database from the data model on the fly. We retrieved the data from the database and displayed it in an HTML table. Then we added a Create form that let users add data to the database. We added validation by marking the data model with attributes from the DataAnnotations namespace. The resulting validation runs on the client and on the server. We changed the database to include a new column of data, then updated two pages to create and display this new data. Finally, we added code and view templates to support Edit, Details, and Delete actions.

I now encourage you to move on to our intermediate-level MVC Music Store tutorial and to check out the many videos and resources at http://asp.net/mvc to learn even more about ASP.NET MVC!

Enjoy!