

Controller.UpdateModel<TModel> Method (TModel, String, IValueProvider)

Updates the specified model instance using values from the value provider and a prefix.

Namespace:  System.Web.Mvc
Assembly:  System.Web.Mvc (in System.Web.Mvc.dll)

Syntax

Visual Basic

'Declaration
Protected Friend Sub UpdateModel(Of TModel As Class) ( _
    model As TModel, _
    prefix As String, _
    valueProvider As IValueProvider _
)

C#

protected internal void UpdateModel<TModel>(
    TModel model,
    string prefix,
    IValueProvider valueProvider
)
where TModel : class

C++

protected public:
generic<typename TModel>
where TModel : ref class
void UpdateModel(
    TModel model, 
    String^ prefix, 
    IValueProvider^ valueProvider
)

Type Parameters

  • TModel
    The type of the model object.

Parameters

  • model
    Type: TModel
    The model instance to update.
  • prefix
    Type: System.String
    The prefix to use when looking up values in the value provider.

Remarks

You do not have to explicitly specify the generic parameter TModel. Instead, you can let the C# or Visual Basic type inference engine determine the generic parameter TModel by omitting it.

The TryUpdateModel method is like the UpdateModel method except that the TryUpdateModel method does not throw an InvalidOperationException exception if the updated model state is not valid.

For more information about model validation, see the entry Input Validation vs. Model Validation in ASP.NET MVC on Brad Wilson's blog.

Security Note

Use one of the TryUpdateModel methods that takes either a list of properties to include (a whitelist) or a list of properties to exclude (a blacklist). If no explicit whitelist or blacklist is passed, the TryUpdateModel method tries to update every public property in the model for which there is a corresponding value in the request. A malicious user could exploit this in order to update properties that you do not intend to provide access to.
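The following added example (not part of the original reference page) contrasts the unrestricted overload documented here with a TryUpdateModel overload that takes an include list, which is the protection the security note recommends against over-posting. The UserProfile model, the ProfileController class, the in-memory Store, and the "profile" prefix are assumptions made for illustration.

```csharp
using System.Collections.Generic;
using System.Web.Mvc;

// Hypothetical model: IsAdmin must never be settable from a request.
public class UserProfile
{
    public string DisplayName { get; set; }
    public string Email { get; set; }
    public bool IsAdmin { get; set; }
}

public class ProfileController : Controller
{
    // Constructed in-memory store standing in for a real repository.
    private static readonly Dictionary<int, UserProfile> Store =
        new Dictionary<int, UserProfile> { { 1, new UserProfile { DisplayName = "Sample" } } };

    // The only properties the edit form is allowed to change.
    private static readonly string[] EditableProperties = { "DisplayName", "Email" };

    // Weak: binds every public property that has a matching "profile.*" value,
    // so a request that also carries profile.IsAdmin would change IsAdmin.
    // UpdateModel throws InvalidOperationException if the model state is invalid.
    [HttpPost]
    public ActionResult EditUnrestricted(int id, FormCollection form)
    {
        UserProfile profile = Store[id];
        UpdateModel(profile, "profile", form.ToValueProvider());
        return RedirectToAction("Details", new { id });
    }

    // Hardened: only the listed properties are bound; any other posted
    // value, including profile.IsAdmin, is ignored by the binder.
    [HttpPost]
    public ActionResult Edit(int id, FormCollection form)
    {
        UserProfile profile;
        if (!Store.TryGetValue(id, out profile))
            return HttpNotFound();

        if (!TryUpdateModel(profile, "profile", EditableProperties, form.ToValueProvider()))
            return View(profile); // ModelState holds the binding errors

        return RedirectToAction("Details", new { id });
    }
}
```

An include list fails closed: a property added to the model later stays unbindable until it is explicitly added to EditableProperties, whereas an exclude list would expose it by default.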

See Also

Reference

Controller Class

UpdateModel Overload

System.Web.Mvc Namespace