1

这是我的 asp.net mvc 2 项目的模型:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.ComponentModel;
using System.ComponentModel.DataAnnotations;
using System.Web.DynamicData;
using System.Web.Security;
using System.Globalization;
using System.Web.Profile;

namespace EMS.Models
{
public class UserModels
{

    [Required(ErrorMessage = "*")]
    public string userName { get; set; }

    [Required(ErrorMessage = "*")]
    public string passWord { get; set; }
  }
}

这是我的观点:

 <% Html.EnableClientValidation(); %>
    <% using (Html.BeginForm()) { %>

    <table>
            <tr>
                <td><label for="userlogin">User Login:</label></td>
                <td>
                    <%: Html.TextBoxFor(m => m.userName, new { id = "userName"})%> 
                    <%: Html.ValidationMessageFor(m => m.name)%>
                </td>
                <td><label for="password">Password:</label></td>
                <td>
                    <%: Html.PasswordFor(m => m.passWord, new { id = "password"})%> 
                    <%: Html.ValidationMessageFor(m => m.passWord)%>
                </td>
             </tr>
            <tr>
                <td colspan="4">
                    &nbsp; <input type="submit"  name="enter_infor" id="enter_infor" value="Enter Information"/>
                </td>
            </tr>
    </table>

这是我的控制器:

    [HttpPost]
    public ActionResult UserMaintenance(FormCollection frm)
    {
        UserModels candidate = new UserModels
        {
            userName = frm["userName"].ToString(),
            passWord = frm["passWord"].ToString()
       };

       DBSEntities context = new DBSEntities();
       UserName user = new UserName();
       context.AddToUserNames(user);
       context.SaveChanges();
       return View();
    }

问题:我想验证用户是否输入了用户名和密码文本框。但是我上面的所有代码,用户仍然可以在没有任何验证消息的情况下提交它。我将脚本包含在 Site.Master 中。谁能告诉我,我做错了什么?

谢谢。

4

2 回答 2

2

您应该ModelState.IsValid在控制器操作中使用,否则您设置的所有验证都是无用的。

public ActionResult UserMaintenance(UserName user)
{
   if(ModelState.IsValid) // save the user only if it is valid
   {
       DBSEntities context = new DBSEntities();
       context.AddToUserNames(user);
       context.SaveChanges();
       return RedirectToAction("Index") // redirect to some other action or whatevery you wish
   }

   return View(); // else return the same view this will show all the validation errors
}
于 2012-06-25T14:33:34.393 回答
2

一件事是您在 POST 期间没有检查模型状态,并且确实应该使用强类型控制器/操作和视图。即使您让 ClientValidation 正常工作,您仍然应该进行服务器端检查以确保没有绕过客户端内容。您可以将 POST 方法更改为以下

 [HttpPost]
        public ActionResult UserMaintenance(UserModels candidate)
        {
            //If the model is not valid, return the view with the posted values
            //Validation messages will appear where appropriate based on your 
            //View Model
            if(!modelState.isValid()){
               return View(candidate);
            }

            DBSEntities context = new DBSEntities();
            //Not sure what this code was doing, you were creating a variable
            //and then never setting the properties from the FormCollection on 
            //this new variable.  This seems to be the correct way below, but
            //whatever you need to do to get this POSTed info to your DB....
            context.AddToUserNames(candidate);
            context.SaveChanges();
            return View();
    }

至于 ClientSideValidation 的东西,请仔细检查您是否包含正确的脚本和正确的顺序(您可以在您的问题中列出这些吗?)

于 2012-06-25T13:23:15.713 回答