for editing a data in views we should specify an "Id" to submit to out controller. but imagine that user manually change "Id" value. for example Id=10 change to Id=15 (by some tools in browser like Inspect). in this case EF update data with Id value 15 and trick our application. what is the best solution to overcome this issue?
My Solution:
in each domain class create a property named "UniqueId" as string type and when we add data to database, this property must be valued with GUID besides "Id" value. now when we send view to user UI we must send both property "Id" & "UniqueId" as hidden, then when client post data to controller for update, our logic section shall check "Id" & "UniqueId" both together and if any nonconformity existed, we can throw exception.
please help for this issue and mentioned solution. thanks
Related
I know this question might have been asked before but I have not found a single answer yet.
Basically I am using entity framework and I am in need of selecting data from a database without knowing the name of the table, as this will be generic.
Now if I do not know the table name, I do not know the type too as I have tried using context.Database.SQLQuery or context.Database.ExecuteSQLStatement but these all require the type of the object it should be expecting.
All I am receiving as parameters are the name of the table and the row ID.
Could anybody give me further advice?
Thanks.
#
Edit:
I have just been notified that the only property I would need from this table is the Name field...
I have two entities: product and category (Symfony 2.3).
I want to create a form in which an user can choose a product by first selecting the category. A user selects the category by clicking on image, then I want to set the image's value into a hidden input, but I don't see how can I change a foreign entity choice list to a hidden input (http://symfony.com/doc/current/reference/forms/types/entity.html).
How can I accomplish this? (how to change form input to hidden)
If I set cascade validation to true, will it for example check if a category really exist. (To prevent putting products with non-existing category from malicious users) ?
Part 1
To do this you need to use a data transformer to do two things:
transform an entity into an identifier that is either a string or integer so a form can render it as a hidden field.
transform the string or integer identifier into the entity when the form is submitted so that the parent entity can be saved with the correct relationship
The symfony docs I linked to above (here too) actually walk though an entire example of using a data transformer with a form.
As a shameless plug (because I believe it is helpful) I have written a little tutorial on using a data transformer for a hidden field with an entity id: http://lrotherfield.com/blog/symfony2-forms-entity-as-hidden-field/
Part 2
If you are using the data transformer then you don't need to worry about malicious users. The data transformer will fail because it will not be able to reverse transform the category from the fake id. In my tutorial the transformer will throw a Symfony\Component\Form\Exception\TransformationFailedException exception.
You can also write a validator (potentially using a call back) if you wanted that checks that the submitted category is real if you want an error to show in the form. Doctrine wont allow you to persist a fake category relationship as the foreign key constraint will fail.
I have an ASP.NET MVC 4 WebApi. I use Entity Framework as my ORM (database first). The DB has only one test table with a few fields with an int "id" set as identity (auto increment).
I just try to implement basic CRUD with a javascript client, but I always get ModelState.IsValid = false when I get to the POST method. I parsed the error and saw that is was coming from the "id" field, which has a value of 0. How does the api manage this kind of auto-increment keys ? What does it expect to receive in the "id" field ?
Everything is based on the template. I didn't change any code to the WebApi generated controller. All other operations (Read, Update, Delete) are working fine.
EDIT : Note that if I bypass the ModelState.IsValid() test, the data is saved in the DB and everything works... But obviously, that's not what I want to do.
EDIT 2 : I discovered that the identity property in a databse is handled by the StoreGeneratedPattern property on the id field in the EDMX. Possible values are : "Computed", "Identity" and "None". In my case, it's set to "Identity".
Check validation not put on ID in your model.Put Id as autogenrated.
I am hoping to get pointed in the right direction. I want to pass a variable from one controller into another controller.
what I want to do is have a person register a business then they are taken to a form to register a user. a business is a different controller/table to a user however the user requires the id/primary key of the business as a foreign key in the user table. How would I go about changing controllers and carrying the foreign key over?
the primary key for the business table is an autogenerated/autoincremented int in the database
i am unsure on how I would approach this but have a feeling it is to do with session data?
Why dont you pass the id in the url?. I'd do it like this:
Display /business/add. This is the form used to create a "business".
After saving the business in your controller, redirect to /business/add_user/123 (where "123" is the id of your business). This page displays and saves the users. Since you have passed the business_id in the url you'd have to add it as a foreign key manually into the $this->request->data before saving the user.
Of course that inside the controller of /business/add_user/123 you should verify a few thing: check if the business_id was passed as parameter in the url, check if the business exist, maybe check that the connected user was the one that created the businnes, etc
Hope this helps
Is there a way to force the ID value for a new entity in EF when we have an auto-incrementing ID column, i.e. use SET IDENTITY_INSERT behaviour through EF?
Our requirement is that our create form must always show a new, unique ID for the object we're creating on the empty form before it is filled in or saved. The idea is that this ID can be out read to someone over the phone and then the user can complete and save the form after the call is complete. We could reserve an ID by inserting an empty row into the database there and then, but we have unique columns and FKs; instead I've made a 'next ID' table that we increment with locks for safety, and I test this against the top ID in the object table too to be careful. The idea was to then force the use of this new ID when we write back the entity - but I can't see how to get EF to do it.
Is that possible - is it just something I've missed? I don't think the ID even makes it down to the insert so I don't think manually calling SET IDENTITY_INSERT around the SaveChanges would help.
Or do I have to do something else? I can see alternatives:
Change our ID column to not be an identity and take manual control of it all: there's a table ID inheritance here so this is potentially tricky too.
Separate DB ID and user-visible ID into a separate column, and record our unique ID there.
Empty row to reserve the ID, as above; might need some nullability changes, and amending our data read code to ignore these records.
Thanks! This is EF4 (using an EDMX and generated classes not POCOs), and against SQL Server 2008 in case that matters.
Why not use a Guid as primary key. Nothing to do with auto-increment, no concurrency pitfalls etc. You just create the Guid at the moment you create the form. Hand it over to a caller and fill in the form afterwards. When the form is cancelled, no problem. When the form is finished create the entity with the created Guid set the other values of the entity object, apply it to the (a) context and SaveChanges()...
Alternatives that wont alter your schema
Use EF Transaction
You can call context.SaveChanges() and get the autoincremented primary key. Once the process is completed you can commit the transaction. If the transaction is cancelled or there is an error/exception, you can always rollback so you wont have holes/dirty-data in your rows. I suggest you use the singleton pattern and pass the same transaction/context to whatever methods or screens to complete the process.
Just add an additional status: Draft
Save empty form as draft with saved ID, then proceed to edit the form with the information. Once complete save the form as final/ready. If you wont proceed to save the form, you can always recycle the draft.