Controller.TryUpdateModel<TModel> Method (TModel, String, IValueProvider)

Статья
02/21/2011

Updates the specified model instance using values from the value provider and a prefix.

Namespace: System.Web.Mvc
Assembly: System.Web.Mvc (in System.Web.Mvc.dll)

Syntax

'Declaration
Protected Friend Function TryUpdateModel(Of TModel As Class) ( _
    model As TModel, _
    prefix As String, _
    valueProvider As IValueProvider _
) As Boolean

protected internal bool TryUpdateModel<TModel>(
    TModel model,
    string prefix,
    IValueProvider valueProvider
)
where TModel : class

protected public:
generic<typename TModel>
where TModel : ref class
bool TryUpdateModel(
    TModel model, 
    String^ prefix, 
    IValueProvider^ valueProvider
)

Type Parameters

TModel
The type of the model object.

Parameters

model
Type: TModel
The model instance to update.

prefix
Type: System.String
The prefix to use when looking up values in the value provider.

valueProvider
Type: System.Web.Mvc.IValueProvider
A dictionary of values that is used to update the model.

Return Value

Type: System.Boolean
true if the update is successful; otherwise, false.

Remarks

The [Overload:System.Web.Mvc.Controller.TryUpdateModel``1] method is like the [Overload:System.Web.Mvc.Controller.UpdateModel``1] method except that the [Overload:System.Web.Mvc.Controller.TryUpdateModel``1] method does not throw an InvalidOperationException exception if the updated model state is not valid.

For more information model validation, see the entry Input Validation vs. Model Validation in ASP.NET MVC on Brad Wilson's blog.

Security Note
Use one of the [Overload:System.Web.Mvc.Controller.TryUpdateModel``1] methods that takes either a list of properties to include (a whitelist) or a list of properties to exclude (a blacklist). If no explicit whitelist or blacklist is passed, the [Overload:System.Web.Mvc.Controller.TryUpdateModel``1] method tries to update every public property in the model for which there is a corresponding value in the request. A malicious user could exploit this in order to update properties that you do not intend to provide access to.

Use one of the [Overload:System.Web.Mvc.Controller.TryUpdateModel``1] methods that takes either a list of properties to include (a whitelist) or a list of properties to exclude (a blacklist). If no explicit whitelist or blacklist is passed, the [Overload:System.Web.Mvc.Controller.TryUpdateModel``1] method tries to update every public property in the model for which there is a corresponding value in the request. A malicious user could exploit this in order to update properties that you do not intend to provide access to.

Поделиться через

Controller.TryUpdateModel<TModel> Method (TModel, String, IValueProvider)

Syntax

Type Parameters

Parameters

Return Value

Remarks

See Also

Reference

Дополнительные ресурсы