asp.mvc 随记
2011-09-17 20:03 一一九九 阅读(228) 评论(0) 编辑 收藏 举报from: http://www.asp.net/mvc/tutorials
MVC stands for model-view-controller. MVC is a pattern for developing applications that are well architected and easy to maintain. MVC-based applications contain:
- Controllers: Classes that handle incoming requests to the application, retrieve model data, and then specify view templates that return a response to the client.
- Models: Classes that represent the data of the application and that use validation logic to enforce business rules for that data.
- Views: Template files that your application uses to dynamically generate HTML responses.
ASP.NET MVC invokes different controller classes (and different action methods within them) depending on the incoming URL. The default mapping logic used by ASP.NET MVC uses a format like this to determine what code to invoke:
/[Controller]/[ActionName]/[Parameters]
The first part of the URL determines the controller class to execute. So /HelloWorld maps to theHelloWorldController
class. The second part of the URL determines the action method on the class to execute. So /HelloWorld/Index would cause the Index
method of the HelloWorldController
class to execute. Notice that we only had to browse to /HelloWorld and the Index
method was used by default. This is because a method named Index
is the default method that will be called on a controller if one is not explicitly specified
HttpUtility.HtmlEncode
如果在 HTTP 流中传递空白和标点之类的字符,则它们在接收端可能会被错误地解释。HTML 编码将 HTML 中不允许使用的字符转换为等效字符实体;HTML 解码会反转此编码过程。例如,为进行 HTTP 传输,字符 < 和 > 在嵌入到文本块中时被编码为 < 和 >。
http://msdn.microsoft.com/zh-cn/library/73z22y6h(v=vs.80).aspx
Layout templates allow you to specify the HTML container layout of your site in one place and then apply it across multiple pages in your site. Note the @RenderBody()
line near the bottom of the file.RenderBody
is a placeholder where all the view-specific pages you create show up, "wrapped" in the layout page. Change the title heading in the layout template from "My MVC Application" to "MVC Movie App".
Before we go to a database and talk about models, though, let's first talk about passing information from the controller to a view. Controller classes are invoked in response to an incoming URL request. A controller class is where you write the code that handles the incoming parameters, retrieves data from a database, and ultimately decides what type of response to send back to the browser. View templates can then be used from a controller to generate and format an HTML response to the browser.
Controllers are responsible for providing whatever data or objects are required in order for a view template to render a response to the browser. A view template should never perform business logic or interact with a database directly. Instead, it should work only with the data that's provided to it by the controller. Maintaining this "separation of concerns" helps keep your code clean and more maintainable.
ViewBag传过来的值要不要进行HTML的编码解码?
dynamic object ?
Notice the second Edit
action method is preceded by the HttpPost
attribute. This attribute specifies that that overload of the Edit
method can be invoked only for POST requests. You could apply theHttpGet
attribute to the first edit method, but that's not necessary because it's the default. (We'll refer to action methods that are implicitly assigned the HttpGet
attribute as HttpGet
methods.)
All the HttpGet
methods follow a similar pattern. They get a movie object (or list of objects, in the case of Index
), and pass the model to the view. The Create
method passes an empty movie object to the Create view. All the methods that create, edit, delete, or otherwise modify data do so in the HttpPost
overload of the method. Modifying data in an HTTP GET method is a security risk, as described in the blog post entry ASP.NET MVC Tip #46 – Don’t use Delete Links because they create Security Holes. Modifying data in a GET method also violates HTTP best practices and the architectural REST pattern, which specifies that GET requests should not change the state of your application. In other words, performing a GET operation should be a safe operation that has no side effects.