currently I am working in asp.net mvc view
I create form using below code.
#{
T4.Models.Order o = new T4.Models.Order();
}
#using (Html.BeginForm("Create", "Default5", FormMethod.Post))
{
#Html.AntiForgeryToken()
<div class="form-horizontal">
<h4>Order</h4>
<hr />
#Html.ValidationSummary(true)
<div class="form-group">
#Html.LabelFor(model => o.CustomerID, new {#class = "control-label col-md-2" })
<div class="col-md-10">
#Html.EditorFor(model=>o.CustomerID)
#Html.ValidationMessageFor(model => o.CustomerID)
</div>
</div>
</div>
}
this code render perfectly but problem is it render with prefix of object's name.
show below html code
<input class="text-box single-line" data-val="true" data-val-required="The CustomerID field is required." id="o_CustomerID" name="o.CustomerID" type="text" value="">
you can see this html input control has id="o_CustomerID".I want that it only render with id="CustomerID".
I does not know why it takes object name as prefix.
please help me.
Thank You.
No need to initialize object of T4.Models.Order class.
#{
T4.Models.Order o = new T4.Models.Order();
}
Replace above code to:
#model T4.Models.Order
Then simple use:
<div class="form-group">
#Html.LabelFor(model => model.CustomerID, new {#class = "control-label col-md-2" })
<div class="col-md-10">
#Html.EditorFor(model=> model.CustomerID)
#Html.ValidationMessageFor(model => model.CustomerID)
</div>
</div>
Related
I want to insert data into my DB in ASP MVC. I have successfully inserted into my DB. here is the code for the view:
<div class="form-group">
#Html.LabelFor(model => model.username, htmlAttributes: new { #class = "control-label col-md-2" })
<div class="col-md-10">
#Html.EditorFor(model => model.username)
</div>
</div>
<div class="form-group">
#Html.LabelFor(model => model.admin_privilage, htmlAttributes: new { #class = "control-label col-md-2" })
<div class="col-md-10">
<div class="checkbox">
#Html.EditorFor(model => model.admin_privilage)
</div>
</div>
</div>
and the controller :
[HttpPost]
public ActionResult createuser (User collection)
{
List<object> lst = new List<object>();
lst.Add(collection.username);
lst.Add(collection.admin_privilage);
object[] allitems = lst.ToArray();
int output = db.Database.ExecuteSqlCommand("insert into USER (username,admin_privilage) values (#p0,#p1)", allitems);
return View();
}
What I want to ask is, in my view is using customize input text and label as follow:
<div class="form-group">
<label for="username" class="col-form-label">名前:</label>
<input type="text" class="form-control" id="username">
</div>
<div class="form-group">
<div class="row">
<div class="col-md-6">
<input type="checkbox" id="addadmin" name="admin">
<label for="admin" class="col-form-label">Admin</label>
</div>
</div>
</div>
How can I capture the input parameter from users and pass it in Controller? so it can be inserted to my database as well.
You can try it using the same model.name as in html form control id and name attribute like:
<div class="form-group">
<label for="username" class="col-form-label">名前:</label>
<input type="text" class="form-control" **id="username" name="username"**>
</div>
<div class="form-group">
<div class="row">
<div class="col-md-6">
<input type="checkbox" **id="admin_privilage" name="admin_privilage"**>
<label for="admin_privilage" class="col-form-label">Admin</label>
</div>
</div>
</div>
Am trying to click save button to update what I have in text editor using ckeditor but I got this error
A potentially dangerous Request.Form value was detected from the client (OPTION_VALUE="Welcome to the Na...").
The controller is shown below
Controller
public ActionResult EditRegistrationGuideline(long id)
{
OPTIONS options = _optionsService.GetOption(id);
return View(options);
}
//
// POST: /Product/Edit/5
[HttpPost]
public ActionResult EditRegistrationGuideline(long id, OPTIONS options)
{
try
{
// TODO: Add update logic here
if (ModelState.IsValid)
{
options.OPTION_ID = id;
options.ACTION_STATUS = 0;
options.CREATED_DATE = DateTime.Now;
_optionsService.AddOption(options);
return RedirectToAction("Index");
}
}
catch
{
//return View();
ModelState.AddModelError("", "We cannot edit this Option. Verify your data entries !");
}
return View();
}
and the view is here
View
#{
//ViewBag.Title = "CreateRegistrationGuideline";
}
<div class="content-header clearfix">
<h1 class="pull-left">
<i class="fa fa-plus"> </i> Edit Registration Guideline
</h1>
<div class="col-xs-3 pull-right">
<input type="button" class="btn btn-block btn-warning" value="Back" onclick="location.href='#Url.Action("IndexRegistrationGuideline", "Options")'" />
</div>
<div class=" box box-body box-primary">
#using (Html.BeginForm("EditRegistrationGuideline", "Options", FormMethod.Post, new { #class = "form-horizontal", #enctype = "multipart/form-data" }))
{
#Html.AntiForgeryToken()
<div class="form-horizontal">
#*<h4>OPTIONS</h4>
<hr />*#
#*#Html.ValidationSummary(true)*#
#Html.ValidationSummary(false, null, new { #class = "text-danger" })
<div class="row .col">
<div style="margin-top:20px" class="mainbox col-md-12 col-md-offset-0 col-sm-8 col-sm-offset-2">
<div class="panel panel-info">
<div class="panel-heading">
<div class="panel-title">Edit Option</div>
</div>
<div class="panel-body">
#*<div class="form-group">
#Html.LabelFor(model => model.OPTION_NAME, new { #class = "control-label col-md-2" })
<div class="col-md-10">*#
#*#Html.LabelFor(model => model.OPTION_NAME, new { #class = "control-label col-md-2" })
<div class="col-md-10">*#
#*#Html.EditorFor(model => model.OPTION_NAME)*#
#*#Html.HiddenFor(model => model.faculty_activation_date, new { #Value = System.DateTime.Now })*#
#Html.HiddenFor(model => model.OPTION_NAME)
#Html.ValidationMessageFor(model => model.OPTION_NAME)
<div class="form-group">
#*#Html.LabelFor(model => model.OPTION_VALUE, new { #class = "control-label col-md-2" })*#
<div class="col-md-10">
#Html.LabelFor(model => model.OPTION_VALUE, "Option Value")
#*<textarea class="form-control" placeholder="Enter Option Value" name="OPTION_VALUE" id="editor1"></textarea>*#
#Html.TextAreaFor(model => model.OPTION_VALUE, new { #class = "form-control", #id = "editor1" })
#Html.ValidationMessageFor(model => model.OPTION_VALUE, "", new { #class = "text-danger" })
</div>
</div>
#*<div>
#Html.LabelFor(model => model.OPTION_VALUE, "Option Value")
#Html.TextAreaFor(model => model.OPTION_VALUE, new { #type = "textarea", #id="editor1", #class = "form-control", #placeholder = "Enter Option Value", #autocomplete = "on" })
#Html.ValidationMessageFor(model => model.OPTION_VALUE, null, new { #class = "text-danger" })
</div>*#
#*<div class="form-group">
#Html.LabelFor(model => model.ACTION_STATUS, new { #class = "control-label col-md-2" })
<div class="col-md-10">
#Html.EditorFor(model => model.ACTION_STATUS)
#Html.ValidationMessageFor(model => model.ACTION_STATUS)
</div>
</div>*#
</div>
<div class="panel-footer">
<div class="panel-title">
<div class="form-actions no-color">
<input type="submit" value="Save" class="btn btn-success" />
</div>
</div>
</div>
</div>
</div>
</div>
</div>
}
#*<div>
#Html.ActionLink("Back to List", "Index")
</div>*#
#section Scripts {
#Scripts.Render("~/bundles/jqueryval")
<script src="~/Scripts/jquery-3.1.1.min.js"></script>
<script src="~/Scripts/jquery.validate.min.js"></script>
<script src="~/Scripts/jquery.validate.unobtrusive.min.js"></script>
<script src="https://cdn.ckeditor.com/4.5.7/standard/ckeditor.js"></script>
<script>
$(function () {
CKEDITOR.replace('editor1');
});
</script>
}
Please what do I do.
I use CKEDITOR
XSS error ("A potentially dangerous Request.Form value was detected from the client(...)").
Solution:
[ValidateInput(false)]
Differnce b/w them
AllowHtml:
The AllowHtml attribute can be applied to a Model property and it will disable the validation by ASP.Net MVC only for that particular property
Advantages
The AllowHtml attribute is developed for Model class.
The Scope is limited to specific property of the Model class.
It is the safe and recommended solution.
ValidateInput
The ValidateInput attribute can be applied to a Controller’s Action method and it will disable the validation by ASP.Net MVC only for that particular Action method.
Advantages
The Scope is limited to specific Action method of the Controller class.
If you have multiple properties accepting HTML content, then this method will reduce redundancy.
When Model class is not used for designing Form elements then this attribute is needed.For complete details Link
Just place ValidateInput(false) attribute on controller's action.
[HttpPost]
[ValidateInput(false)]
public ActionResult EditRegistrationGuideline(long id, OPTIONS options)
The other option is to place [AllowHtml] attribute on Model Property, have a look on SO post to get difference between them
ValidateInput(false) vs AllowHtml
I was experiencing a similar issue with the following error message A potentially dangerous Request.Form value was detected from the client.
As an alternative to the previous answers, I found encoding the value passed back to the controller worked. CKEditor allows you to do this by setting the config config.htmlEncodeOutput = true;.
The documentation for this can be found at: https://docs-old.ckeditor.com/ckeditor_api/symbols/CKEDITOR.config.html#.htmlEncodeOutput
I got this error while testing XSS on my site.
This is a very good feature that the model gives us that prevents XSS, CSRF from penetrating your site.
Do not disable it as much as possible.
This is the code generated by the Visual Studio when i added a view for my Edit function
I want to pass the values inside the <input> generated by the #Html.EditorFor() from the view to my controller.
How can i access those values? Can i do it without manually declaring textboxes via <input class="form-control text-box single-line" id="Surname" name="Surname" type="text"> ?
#using (Html.BeginForm("Save","my",FormMethod.Post)){
#Html.AntiForgeryToken()
<div class="form-horizontal">
<h4>User</h4>
<hr />
#Html.ValidationSummary(true, "", new { #class = "text-danger" })
#Html.HiddenFor(model => model.Id)
<div class="form-group">
#Html.LabelFor(model => model.Name, htmlAttributes: new { #class = "control-label col-md-2" })
<div class="col-md-10">
#Html.EditorFor(model => model.Name, new { htmlAttributes = new { #Value=Model.Name, #class = "form-control" } })
#Html.ValidationMessageFor(model => model.Name, "", new { #class = "text-danger" })
</div>
</div>
<div class="form-group">
<div class="col-md-offset-2 col-md-10">
<input type="submit" value="Save" class="btn btn-default" />
</div>
</div>
</div>
}
UPDATE
found the answer, i simply needed to pass this code as an argument in my function inside the controller that would create an object User with properties inside Include
public string Submit ([Bind(Include = "Name")] User user){
}
In a MVC 5 application, I have a partial view with a button to submit some information. But when I push that button the parent form is validated, making all the validating errors displayed. All I want is that only the validated fields in the partial view are executed with no interaction with the parent form.
Code update (partial view, UploadFile):
<form action="#Url.Action("Upload","File")" method="post" enctype="multipart/form-data">
<label for="photo">Photo:</label>
<input type="file" name="photo" id="photo" />
<input type="submit" value="Upload" />
</form>
Code parent form:
<h2>Create</h2>
#using (Html.BeginForm())
{
#Html.AntiForgeryToken()
<div class="form-horizontal">
#Html.ValidationSummary(true, "", new { #class = "text-danger" })
<div class="form-group">
#Html.LabelFor(model => model.CategoriaId, "CategoriaId", htmlAttributes: new { #class = "control-label col-md-2" })
<div class="col-md-10">
#Html.DropDownList("CategoriaId", null, htmlAttributes: new { #class = "form-control" })
#Html.ValidationMessageFor(model => model.CategoriaId, "", new { #class = "text-danger" })
</div>
</div>
<div class="form-group">
#Html.LabelFor(model => model.Titulo, htmlAttributes: new { #class = "control-label col-md-2" })
<div class="col-md-10">
#Html.EditorFor(model => model.Titulo, new { htmlAttributes = new { #class = "form-control" } })
#Html.ValidationMessageFor(model => model.Titulo, "", new { #class = "text-danger" })
</div>
</div>
<div class="form-group">
#Html.LabelFor(model => model.Descripcion, htmlAttributes: new { #class = "control-label col-md-2" })
<div class="col-md-10">
#Html.EditorFor(model => model.Descripcion, new { htmlAttributes = new { #class = "form-control" } })
#Html.ValidationMessageFor(model => model.Descripcion, "", new { #class = "text-danger" })
</div>
</div>
<div class="form-group">
#Html.LabelFor(model => model.Precio, htmlAttributes: new { #class = "control-label col-md-2" })
<div class="col-md-10">
#Html.EditorFor(model => model.Precio, new { htmlAttributes = new { #class = "form-control" } })
#Html.ValidationMessageFor(model => model.Precio, "", new { #class = "text-danger" })
</div>
</div>
<div class="form-group">
<div class="col-md-offset-2 col-md-10">
<input type="submit" value="Create" class="btn btn-default" />
</div>
</div>
#Html.Partial("UploadFile")
</div>
}
<div>
#Html.ActionLink("Back to List", "Index")
</div>
Since you have a <form> tag inside the partial view and you put #Html.Partial("UploadFile") inside #using (Html.BeginForm()) block like below
<h2>Create</h2>
#using (Html.BeginForm())
{
#Html.AntiForgeryToken()
....
....
....
#Html.Partial("UploadFile")
}
It will be rendered as nested forms like this
<h2>Create</h2>
<form>
....
....
....
<form action="/File/Upload" method="post" enctype="multipart/form-data">
<label for="photo">Photo:</label>
<input type="file" name="photo" id="photo" />
<input type="submit" value="Upload" />
</form>
</form>
which is invalid html. You need to move #Html.Partial("UploadFile") outside of #using (Html.BeginForm()) block
<h2>Create</h2>
#using (Html.BeginForm())
{
#Html.AntiForgeryToken()
....
....
....
}
#Html.Partial("UploadFile")
This may cause due to nested form.
Make sure that child form is not nested inside another form.
the HTML specs forbid nested forms.
#using (Html.BeginForm())
{
..
}
#Html.Partial("UploadFile") // place it outside of main form
As partial view contain another form you need to place it outside of main form anotherwise it will be nesting(HTML specs forbid nested forms)
I have the following javascript and input fields within my model.
script type="text/javascript">
function sum() {
var txtFirstNumberValue = document.getElementById('money1').value;
var txtSecondNumberValue = document.getElementById('money2').value;
var txtThirdNumberValue = document.getElementById('money3').value;
var result = parseFloat(txtFirstNumberValue) + parseFloat(txtSecondNumberValue) + parseFloat(txtThirdNumberValue);
if (!isNaN(result)) {
document.getElementById('Total').value = result;
}
}
</script>
<div class="form-group">
#Html.LabelFor(model => model.Total, "Total", new { #class = "control-label col-md-5" })
<div class="col-md-offset-0">
<input type="text" id="Total" name="Total" />
#*#Html.EditorFor(model => model.Total)*#
#Html.ValidationMessageFor(model => model.Total)
</div>
</div>
<div class="form-group">
#Html.LabelFor(model => model.money1, "money1", new { #class = "control-label col-md-5" })
<div class="col-md-offset-0">
#*#Html.EditorFor(model => model.money1)*#
<input type="text" id="money1" onkeyup="sum();" name="money1" />
#Html.ValidationMessageFor(model => model.money1)
</div>
</div>
<div class="form-group">
#Html.LabelFor(model => model.money2, "money2", new { #class = "control-label col-md-5" })
<div class="col-md-offset-0">
#*#Html.EditorFor(model => model.money2)*#
<input type="text" id="money2" onkeyup="sum();" name="money2" />
#Html.ValidationMessageFor(model => model.money2)
</div>
</div>
<div class="form-group">
#Html.LabelFor(model => model.money3, "money3", new { #class = "control-label col-md-5" })
<div class="col-md-offset-0">
#*#Html.EditorFor(model => model.money3)*#
<input type="text" id="money3" onkeyup="sum();" name="money3" />
#Html.ValidationMessageFor(model => model.money3)
</div>
</div>
This all works fine. When I type a value into the 3 money fields the resulting value appears in the Total field. Within MVC if I click on the details view it shows all four values, however if I click on the edit view all four fields are blank. Question is how do I get the values to appear and remain in edit mode?
Well, for starters your model-bound input fields are commented out:
#*#Html.EditorFor(model => model.money1)*#
In order to get those to work you'd need to un-comment them.
You could just manually populate your markup with the model values, something like this:
<input type="text" id="money1" onkeyup="sum();" name="money1" value="#model.money1" />
That should pre-populate that input with the model's money1 value. Though you're assuming the responsibility of manually implementing anything else that the built-in HTML helpers would provide for you. Unless there's a compelling reason not to use Html.EditorFor() I imagine that would be the better option.