This course will be retired on June 1, 2025.

Heads up! To view this whole video, sign in with your Courses account or enroll in your free 7-day trial. Sign In Enroll

Entity Framework with ASP.NET MVC

Preview

Start a free Courses trial
to watch this video

Sign up for Treehouse

Handling Creates and Updates

6:34 with James Churchill

Now we're ready to update the comic books controller to handle creates and updates. Let's finish the "Add Comic Book" page before we move on to the "Update Comic Book" page.

Follow Along

To follow along committing your changes to this course, you'll need to fork the dotnet-comic-book-library-manager repo. Then you can clone, commit, and push your changes to your fork like this:

git clone <your-fork>
cd dotnet-comic-book-library-manager
git checkout tags/v2.5 -b handling-creates-and-updates

Keyboard Shortcuts

  • CTRL+K CTRL+U - Uncomment Selection

Avoiding Updating Every Table Column

Let's look at a couple of approaches that you can use to avoid EF creating a SQL update statement that updates every table column.

First off, if you're just looking to prevent updating a single column (or handful of columns), you can use an entity's context entry to change a property's IsModified property to false. For example, this line of code would keep the IssueNumber column from being included in the SQL update statement:

comicBookEntry.Property("IssueNumber").IsModified = false;

Another approach is to retrieve the entity from the database (so that the context is tracking it) and then update that entity with the new values from the user's post data. A convenient way of doing that is to use the Controller class' UpdateModel or TryUpdateModel method to update the entity that's retrieved from the database.

// Creating an anonymous object here in order to keep the shape of the model
// the same as the incoming form post data.
var comicBookToUpdate = new
{
    ComicBook = _comicBooksRepository.Get(comicBook.Id)
};
UpdateModel(comicBookToUpdate);
Context.SaveChanges();

The downside of this approach is that it requires an additional query to load the entity into the context and an additional model binding pass.

Security Considerations

When relying upon modeling binding to populate view model or entity values, an important security consideration for ASP.NET MVC developers to consider is an issue known as "over posting". Over posting is when users manipulate a request to include additional form post name/value pairs (beyond those that are included in the form itself).

We'll look at how to resolve this issue in a future security related course. For more information on this issue and ways to prevent it, see this excellent blog post from K. Scott Allen:

6 Ways To Avoid Mass Assignment in ASP.NET MVC

Related Discussions

Have questions about this video? Start a discussion with the community and Treehouse staff.

Sign up

    Related Discussions

    Have questions about this video? Start a discussion with the community and Treehouse staff.

    Sign up

    Now we're ready to update the comic book's controller to handle creates and updates. 0:00
    Let's finish the add comic book page before we move on 0:05
    to the update comic book page. 0:08
    In the previous video, we updated the add get action method 0:11
    to retrieve all of the data that's needed by the add comic book page. 0:14
    Now, let's update the add post action method starting with the quick review, 0:18
    the method. 0:23
    The active method sole parameter is an instance of the comic book's add view 0:24
    model, view model class. 0:29
    As we can see here in this call to the validate comic book method, 0:31
    the view model provides a comic book property giving us access to the comic 0:34
    book that the user is attempting to add. 0:38
    After validating the comic book, we then get a reference to the comic book, 0:41
    if the ModelState is valid, and 0:45
    add the initial artist by calling the comicBook.AddArtist method. 0:47
    Here's where we'll add the comic book to the database. 0:52
    We then set the Message key in the TempData dictionary, and 0:54
    redirect the user to the comic book Detail page for the newly added comic book. 0:58
    If the model state was invalid, we initialize the view model and 1:03
    pass it into a call to the view method, which will cause the add comic book page 1:07
    to be redisplayed back to the user with any error messages displayed. 1:11
    To add a comic book to the database, we need to call the add method 1:16
    on the contexts' comic book's DB set property passing in the comicBook. 1:20
    Then, we call the contexts save changes method to 1:25
    persist the added comicBook to the database, 1:29
    _context.ComicBooks.Add(comicBook). 1:33
    Then _context.SaveChanges(). 1:38
    Let's finish updating the edit get and 1:45
    post action methods before we test our changes. 1:47
    The edit get action method's sole parameter is a nullable integer named id. 1:50
    If the id parameter is null, 1:55
    we immediately return a bad request HttpStatusCode. 1:57
    Otherwise, we attempt to retrieve the comicBook from the database. 2:02
    And if we don't find a comicBook, we return a not found HttpStatusCode. 2:05
    If we find a comicBook, 2:11
    we instantiate an instance of the ComicBooksEditViewModel class and 2:13
    set its comic book property to the comic book that was retrieved from the database. 2:17
    And initialize the viewModel. 2:22
    Lastly, we call the viewMethod, passing in the viewModel instance. 2:24
    The query to retrieve the ComicBook can just use a call to the link where operator 2:29
    in order to retrieve the ComicBook for the passed in id parameter value, 2:34
    followed by a call to the single or default method to execute the query. 2:38
    _context.ComicBooks.Where(cb => 2:42
    cb.Id == id).singleOrDefault(). 2:47
    The edit post action method is 2:52
    very similar in structure to 2:57
    the add post action method. 3:02
    So we won't take the time to review it line by line. 3:07
    To update a comic book in the database, we need to attach the disconnected entity 3:11
    to the context and change its entry state to modified. 3:15
    We can use the context's entry method to get an entity's entry. 3:19
    And remember, 3:23
    the entry method will attach the passed in entity if it's not already in the context. 3:24
    Then we call the context's save changes method to persist 3:29
    the comic book updates to the database. 3:32
    _context.Entry(comic) (comicBook).State = 3:34
    EntityState.Modifed;_context.SaveChanges- ();. 3:38
    Changing an entry state to Modified will cause EF to 3:42
    generate a SQL update statement that will include 3:47
    every column in the entity's associated table, 3:52
    regardless if that column has an updated value or not. 3:57
    For this specific situation, this isn't a problem. 4:02
    But in other situations, we might wanna avoid this. 4:06
    For instance, maybe the entity that we're updating contains a lot of properties. 4:10
    And we wanna avoid the overhead of updating every column 4:14
    in the associated table, whether or not it has a new value, or 4:18
    maybe the entity contains properties that shouldn't be updatable. 4:23
    See the teacher's for 4:26
    overviews of techniques that will allow you to avoid updating every table column. 4:27
    Now, we are ready to test creating and updating comic books. 4:32
    Here's our list of comic books. 4:37
    Let's add issue number 4 of the Bones series. 4:39
    Click the Add comic book button to browse to the add comic book page. 4:43
    Select Bone for the Series, change the issue number to 4. 4:48
    I'll leave published on as today's date. 4:54
    Average rating and description are both optional so I'll leave them blank. 4:57
    And then I'll select Jeff Smith for the artist with a role of script. 5:01
    And click the Save button. 5:08
    Now we're at the comic book detail page viewing the comic book that we just added. 5:11
    We can see all of the initial values that were provided. 5:16
    So we can confirm that we're able to add a comic book to the database. 5:19
    Click Edit to edit the comic book. 5:23
    Let's change the published on date. 5:26
    Provide an average rating and a description. 5:30
    And click the Save button. 5:38
    And we're back at the comic book detail page, where we can see our updated values. 5:41
    Everything looks good so far. 5:53
    Now that we've implemented comic book creates and updates, let's turn our 5:56
    attention to implementing our server-side comic book validation method. 6:00
    The validate comic method, which is called from both the add and 6:04
    edit post action methods, needs to be updated with a query 6:08
    that checks if the provided issue number is already in use or not. 6:11
    To do that, replace this boolean value with a query that checks if the database 6:15
    contains a different comic book that is associated with the same series, and 6:20
    has the same issue number. 6:26
    Go ahead and try to write the required query. 6:27
    At the beginning of the next video, I'll show you the solution that I came up with. 6:30

    You need to sign up for Treehouse in order to download course files.

    Sign up

      You need to sign up for Treehouse in order to set up Workspace

      Sign up