当前位置: 动力学知识库 > 问答 > 编程问答 >

c# - How to filter model data via query string params in asp.net mvc 4 ?

问题描述:

I am creating a view which initially pulls/display all the records on the page and later there are filters(textbox and checkbox) on left where user can filter the results from.

This is my first mvc app, so I have followed the below mentioned approach:

 // GET: /Search/

public ActionResult Home(int page = 1)

{

SearchController have a Home method which is default and pushes the data to view to display in grid.

Controls to filter the data is wrapped under:

@using (Html.BeginForm("Home", "Search", FormMethod.Post))

{

for that I have

[HttpPost]

public ActionResult Home(Partner partner)

My QUESTION is :

a) The search needs to be a query string based so that users can share the filtered result so what we be the best way to filter the Model data (partner here) via QS, I know I can either pass the whole model to the ActionResult or I can accept each field name in the AcitionResult.

b) How do you protect the QS params, the best practice ?

Thanks a lot in advance.

网友答案:

You could create two methods: One for GET and the other for POST.

[HttpPost]
public ActionResult Home(Partner partner)

[ActionName("Home")]
[HttpGet]
public ActionResult GetHome(Partner partner)

When you searching and passing parameters in the query string, it will go to the GetHome method, but the URL will still be the same.

网友答案:

First of all, you shouldn't use HttpPost to query filtered data! POST is for performing commands (typically adding new data, but can be used for other functions as well), while GET is used for queries.

Your Home action should be slightly modified:

public ActionResult Home(int page = 1, Person person)
{
   // get the initial data - i assume that you using some context for it (you can use service as well)   
   using(var context = new DbContext())
   {
       var data = context.... //get the data here
       if(person != null)
       {
           data = data.Where(p => p.id == person.id).ToList(); //filter by id for example
       }
       //assuming your view gets a List as a model
       return View(data)
   }
}

I know I can either pass the whole model to the ActionResult or I can accept each field name in the AcitionResult

I wouldn't use your display model as a filter. I would rather create new filter model that will include only the properties that you can filter by them. For example your display model is a list of Person objects and you allow to filter them by name, age, id. I would create something like:

public class PersonFilterModel
{ 
    public int Page //the one from your example
    public string Name {get;set;}
    public int? age {get;set;}
    public int? id {get;set;}
    //you can add properties for filter type (starts with, less than, bigger than)
}

so your action will be

public ActionResult Home(PersonFilterModel filter)

If number of filtered properties in not too big you can specify them as action arguments one by one without creating a model:

public ActionResult Home(int page, string name, int? age, int? id)

Regarding the protection of query string: https and ssl are the standard ways that are used in most of the cases.

网友答案:

I would like to first answer question b. I am assuming you want to prevent users from using a query string that will filter data in a way that shows data they should not be seeing. I don't think you need to secure the query string. Security should be handled server side. You shouldn't put anything in a query string that needs to be secured, for example a password.

Providing the ability to filter based on a query string is pretty powerful, especially if you do this in a dynamic way. I recently did this in a framework I wrote called Dynamic MVC (http://dynamicmvc.com). If you interested in using that you can install through nuget. It would provide the functionality your asking for with almost no coding on your part. However, if your not interested in Dynamic MVC you could take a look at how I did it on CodePlex (https://dynamicmvc.codeplex.com)

If you just want a quick summary, here is how I did it:

Parse the query string for any relevant properties for your model. You could use reflection to get the property names. Once you have the relevant properties you can use dynamic linq to filter the data with a linq to entities query.

分享给朋友:
您可能感兴趣的文章:
随机阅读: