How to get a parameter into the POST method

Time: 2018-01-12 04:52:02

Tags: asp.net asp.net-mvc asp.net-mvc-5

How can the POST method receive the parameter named aidx that the GET method gets? When I start from the current code, it says it is not defined. aidx is the primary key, and I want to assign that primary key to the Family column.

<div id="blogpost" class="inner-content">

<form id="formdata" action="@Url.Action("Detail", "Board")" method="post" enctype="multipart/form-data">
    <section class="inner-section">
        <div class="main_blog text-center roomy-100">
            <div class="col-sm-8 col-sm-offset-2">
                <div class="head_title text-center">
                    <h2>@Html.DisplayTextFor(m => m.Article.Title)</h2>
                       @Html.HiddenFor(m => m.Article.ArticleIDX)
                    <div class="separator_auto"></div>
                    <div class="row">
                        <div class="col-md-8" style="margin-left:6%;">
                            <p>
                                <label>분 류  : </label>
                                @Html.DisplayTextFor(m => m.Article.Category)
                            </p>
                        </div>
                        <div class="col-md-8" style="margin-left:5%;">
                            <p>
                                <label>작성자  : </label>
                                @Html.DisplayTextFor(m => m.Article.Members.Name)
                            </p>
                        </div>
                        <div class="col-md-8" style="margin-left:10.6%;">
                            <p>
                                <label>작성일  : </label>
                                @Html.DisplayTextFor(m => m.Article.ModifyDate)
                            </p>
                        </div>
                    </div>
                </div>

                <div class="row">
                    <div class="col-md-12">
                        <p>
                            <label style="font-size:x-large;">문의내용</label>
                            <br />
                            <br />
                            @Html.DisplayTextFor(m => m.Article.Contents)
                            <br />
                            <br />
                            <br />
                            <br />
                        </p>
                    </div>
                </div>
                <div class="dividewhite2"></div>
                <p>
                    @if (User.Identity.IsAuthenticated == true)
                    {
                        <button type="button" class="btn btn-sm btn-lgr-str" onclick="btnEdit()">수정하기</button>
                        <button type="button" class="btn btn-sm btn-lgr-str" onclick="btnReply()">답글달기</button>
                    }
                    <button type="button" class="btn btn-sm btn-lgr-str" onclick="javascript:history.go(-1);">목록이동</button>
                    <br />
                    <br />
                    <br />
                    <br />

                </p>
                <div>
                    @Html.Partial("_Comment", new ViewDataDictionary { { "id", Model.Article.ArticleIDX } })
                    @Html.Partial("_CommentView", new ViewDataDictionary { { "CommentIDX", ViewBag.CommentIDX }, { "idx", Model.Article.ArticleIDX } })
                </div>
            </div>
        </div>
        <div class="dividewhite8"></div>
    </section>
</form>

<script>
function btnEdit() {

    if (@User.Identity.Name.Equals(Model.Article.Members.ID).ToString().ToLower() == true)
    {
        location.replace("/Board/Edit?aidx=@Model.Article.ArticleIDX");
    }
    else
    {
        alert("권한이 없습니다.");
    }
}

function btnReply() {
    location.replace("ReplyCreate?aidx=@Model.Article.ArticleIDX");
}
</script>

    // Controller actions
    [HttpGet]
    public ActionResult ReplyCreate(int aidx)
    {
        Articles articleReply = new Articles();
        return View(articleReply);
    }

    [HttpPost]
    public ActionResult ReplyCreate(Articles replyArticles, int aidx)
    {
        try
        {
            replyArticles.Family = aidx;
            replyArticles.ModifyDate = DateTime.Now;
            replyArticles.ModifyMemberID = User.Identity.Name;

            db.Articles.Add(replyArticles);
            db.SaveChanges();

            ViewBag.Result = "OK";
        }
        catch (Exception ex)
        {
            ViewBag.Result = "FAIL";
        }
        return View(replyArticles);
    }

1 Answer:

Answer 0: (score: 0)

There are several problems with your HTML and JavaScript:

  1. You are not submitting anything; instead you redirect the page in JavaScript.

  2. You hide the button if the user is not authenticated, but everyone can see, copy and run that URL from the JavaScript.

  3. Even if you fix #1 and your ReplyCreate() action gets called, it has 2 parameters but you only send one (aidx). The other parameter (replyArticles) will always be null.

  4. Your code is vulnerable to CSRF attacks.

  5. To fix #1, you can add the parameter to the form instead of the JavaScript, and change the button type to submit:

    <form id="formdata"
     action="@Url.Action("ReplyCreate", "Board", new { aidx = Model.Article.ArticleIDX })"
     method="post" enctype="multipart/form-data">
        <div class="dividewhite2"></div>
        <p><button type="submit" class="btn btn-sm btn-lgr-str">답글달기</button></p>
    </form>


    Or you can use a hidden field.

    To fix #2, wrap the form in the `if` and remove the JavaScript:

    @if (User.Identity.IsAuthenticated) {
        <form id="formdata"
         action="@Url.Action("ReplyCreate", "Board", new { aidx = Model.Article.ArticleIDX })"
         method="post" enctype="multipart/form-data">
            <div class="dividewhite2"></div>
            <p><button type="submit" class="btn btn-sm btn-lgr-str">답글달기</button></p>
        </form>
    }


    To fix #3, you have to add the replyArticles fields to the form, or as hidden fields.

    To fix #4, you need to add the anti-forgery check to both the form and the action.
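The four points above, applied together, as an added example that is not part of the question or the answer. It assumes an EF `DbContext` named `BoardContext` with a `DbSet<Articles>`, an `Articles` entity with the properties the question uses, a `BoardController`, and a `Detail(int aidx)` action to redirect to; all of those shapes are hypothetical and sketched inline. It goes beyond the answer in two ways: the POST binds a small `ReplyViewModel` (with the parent key carried as the hidden field `ParentArticleIDX` instead of a loose `aidx` parameter) so that `Family`, `ModifyDate` and `ModifyMemberID` can only be set server-side, and it moves the ownership test that `btnEdit()` performed in JavaScript into the `Edit` action, since a hidden button or a client-side comparison is not an access control.

```csharp
using System;
using System.ComponentModel.DataAnnotations;
using System.Data.Entity;
using System.Linq;
using System.Net;
using System.Web.Mvc;

// Assumed shapes (hypothetical): the Articles entity and EF context the question refers to.
public class Articles
{
    [Key] public int ArticleIDX { get; set; }
    public string Title { get; set; }
    public string Category { get; set; }
    public string Contents { get; set; }
    public int? Family { get; set; }           // parent ArticleIDX for replies
    public DateTime ModifyDate { get; set; }
    public string ModifyMemberID { get; set; } // set from User.Identity.Name on create
}

public class BoardContext : DbContext
{
    public DbSet<Articles> Articles { get; set; }
}

// Only the fields a replier may supply. Family, dates and author are assigned server-side,
// so an edited or forged request cannot overpost them (answer point #3, done safely).
public class ReplyViewModel
{
    public int ParentArticleIDX { get; set; }   // rendered as a hidden field by the view
    [Required, StringLength(200)] public string Title { get; set; }
    [Required] public string Contents { get; set; }
}

// ReplyCreate.cshtml is assumed to render a real form instead of the location.replace()
// redirect (answer point #1):
//     @using (Html.BeginForm("ReplyCreate", "Board", FormMethod.Post)) {
//         @Html.AntiForgeryToken()                    <- pairs with [ValidateAntiForgeryToken]
//         @Html.HiddenFor(m => m.ParentArticleIDX)
//         @Html.TextBoxFor(m => m.Title) @Html.TextAreaFor(m => m.Contents)
//         <button type="submit">답글달기</button>
//     }
[Authorize]   // the server decides who may reply; hiding the button (point #2) is not a control
public class BoardController : Controller
{
    private readonly BoardContext db = new BoardContext();

    // GET /Board/ReplyCreate?aidx=42 : aidx arrives in the query string here...
    [HttpGet]
    public ActionResult ReplyCreate(int aidx)
    {
        if (!db.Articles.Any(a => a.ArticleIDX == aidx))
            return HttpNotFound();   // no reply form for a parent that does not exist
        return View(new ReplyViewModel { ParentArticleIDX = aidx });
    }

    // ...and reaches the POST inside the posted model, not as a URL parameter.
    [HttpPost]
    [ValidateAntiForgeryToken]   // CSRF check (answer point #4)
    public ActionResult ReplyCreate(ReplyViewModel model)
    {
        if (!ModelState.IsValid)
            return View(model);

        var parent = db.Articles.Find(model.ParentArticleIDX);
        if (parent == null)
            return HttpNotFound();

        var reply = new Articles
        {
            Title = model.Title,
            Contents = model.Contents,
            Family = parent.ArticleIDX,            // the primary key the question wanted in Family
            Category = parent.Category,
            ModifyDate = DateTime.UtcNow,
            ModifyMemberID = User.Identity.Name    // from the authenticated identity, never from the form
        };
        db.Articles.Add(reply);
        db.SaveChanges();
        return RedirectToAction("Detail", new { aidx = parent.ArticleIDX }); // Detail(int aidx) is assumed
    }

    // The ownership test that btnEdit() did in JavaScript is bypassed by typing /Board/Edit?aidx=N
    // into the address bar; it has to be repeated here, on the server.
    [HttpGet]
    public ActionResult Edit(int aidx)
    {
        var article = db.Articles.Find(aidx);
        if (article == null)
            return HttpNotFound();
        if (!string.Equals(article.ModifyMemberID, User.Identity.Name, StringComparison.Ordinal))
            return new HttpStatusCodeResult(HttpStatusCode.Forbidden);   // "권한이 없습니다." decided server-side
        return View(article);
    }
}
```

Note that the anti-forgery pair only works if both halves are present: `@Html.AntiForgeryToken()` writes the cookie and the hidden `__RequestVerificationToken` field, and `[ValidateAntiForgeryToken]` rejects a POST whose field and cookie do not match, so an attacker's page cannot submit the form on a logged-in user's behalf.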