
Disclaimer: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). Original StackOverflow URL: http://stackoverflow.com/questions/5332275/

Time: 2020-09-08 01:00:21  Source: igfitidea

HttpPost vs HttpGet attributes in MVC: Why use HttpPost?

Tags: asp.net-mvc, attributes, http-post, http-get

Asked by Shane Courtrille

So we have [HttpPost], which is an optional attribute. I understand this restricts the call so it can only be made by an HTTP POST request. My question is why would I want to do this?


Answered by Mikael Östberg

Imagine the following:


    [HttpGet]
    public ActionResult Edit(int id) { ... }

    [HttpPost]
    public ActionResult Edit(MyEditViewModel myEditViewModel) { ... }

This wouldn't be possible unless the ActionMethodSelectorAttributes HttpGet and HttpPost were used. This makes it really simple to create an edit view. All the action links just point right back to the controller. If the view model validates false, you just pop right back to the edit view again.


I will be bold and say this is best practice when it comes to CRUDish things in ASP.NET MVC.


EDIT:


@TheLight asked what was needed in the view to accomplish the post. It's simply just a form with method POST.


Using Razor, this would look something like this.


    @using (Html.BeginForm())
    {
        <input type="text" placeholder="Enter email" name="email" />
        <input type="submit" value="Sign Up" />
    }

This renders the following HTML:


    <form action="/MyController/Edit" method="post">
        <input type="text" name="email" placeholder="Enter email">
        <input type="submit" value="Sign Up">
    </form>

When the form is submitted, it will perform an Http Post request to the controller. The action with the HttpPost attribute will handle the request.


Answered by Chris Almond

It's so you can have multiple Actions that use the same name; you can use the HttpPost attribute to mark which method gets handled on a Post request, like so:


    public ActionResult ContactUs()
    {
        return View();
    }

    [HttpPost]
    public ActionResult ContactUs(ContactUsModel model)
    {
        //do something with model

        return View();
    }

Answered by Paul Syfrett

As far as best practices for HttpGet and HttpPost, it is good practice in any web development to use HttpPost for Creates, Updates, and Deletes (data modification). Posts are good, because they require a form submission, which prevents users from clicking poisoned links (e.g. [https://www.mysite.com/Delete/1]) in emails, social sites, etc. and changing data inadvertently. If you are basically just reading data, HttpGet works great.


See OWASP for more in-depth security considerations and why the validation token increases security.

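The GET/POST split and the validation token mentioned in the answer above, shown together as an added example that is not part of any of the original answers. It assumes ASP.NET MVC 5 (System.Web.Mvc); ItemsController, IItemStore and the Index action are hypothetical names, and a dependency resolver is assumed to supply IItemStore.

```csharp
// Added example, not code from the original answers.
// ItemsController and IItemStore are hypothetical names used for illustration.
using System.Web.Mvc;

public interface IItemStore          // hypothetical data-access abstraction
{
    object Find(int id);
    void Remove(int id);
}

public class ItemsController : Controller
{
    private readonly IItemStore _store;

    // Assumes a dependency resolver is configured to provide IItemStore.
    public ItemsController(IItemStore store)
    {
        _store = store;
    }

    // GET /Items/Delete/1 only renders a confirmation page. Following a link
    // to this URL from an e-mail or another site changes no data.
    [HttpGet]
    public ActionResult Delete(int id)
    {
        var item = _store.Find(id);
        if (item == null)
        {
            return HttpNotFound();
        }
        return View(item);
    }

    // POST /Items/Delete/1 performs the change. [HttpPost] makes this action
    // unreachable by GET; [ValidateAntiForgeryToken] also rejects a POST that
    // lacks the token the confirmation view emitted with
    // @Html.AntiForgeryToken() inside its @using (Html.BeginForm()) block.
    // ActionName keeps the URL "Delete" because both C# methods would
    // otherwise have the identical signature Delete(int).
    [HttpPost, ActionName("Delete")]
    [ValidateAntiForgeryToken]
    public ActionResult DeleteConfirmed(int id)
    {
        _store.Remove(id);
        return RedirectToAction("Index");   // Index action assumed to exist
    }
}
```

Without the token check, a form hosted on another site could still submit a POST to the same URL using the user's session cookie, which is the case the validation token covers.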

Answered by Adam Price

This is mainly so that you can have two Actions with the same name, one which is used on GETs and perhaps displays a form for user entry and the other being used on POSTs when the user submits the form displayed by the original GET. If the Actions are not differentiated in this way, an error will occur due to being unable to resolve which Action is intended to handle the request.
