Friday, September 14, 2012

ASP.NET MVC form submission with link

While learning about ASP.NET MVC and whether it was possible to use an HTML anchor tag to trigger an HTTP POST request (I didn't want to use a button), I came across this interesting post about the pitfalls of using links for deletion of data:

It's worth knowing, and this issue highlighted is in a similar vein to SQL injection in URL's.

The intended operation for the link I was creating was to update a database record, so the consequences of using a link are similar to that of a delete operation via a link. In the end, I opted to trigger a form submission via javascript:

@using (Html.BeginForm())
        <a href="javascript:document.forms[0].submit()">Yes</a> |
        @Html.ActionLink("No", "Details", new { id = Model.Id })