I know how to serialize a form:
$("#attributeform").serialize()
but I want to store this in some kind of variable, like a hash, so that I can retrieve these values and resubmit them in order to transition between states.
I think you are looking for serializeArray instead. It produces an array where you can save and edit.
Actually I was able to use a simple hashtable for this. I didn't want to mess with serializeArray because I was actually looking not to hash the form values, but to hash the serialized form to ANOTHER value. Sorry if I wasn't clear.
Related
i was reading about AntiForgeryToken but do not understand the actual use or importance. i saw people wrote a code like in their form as
#using (Html.BeginForm("Create", "Register"))
{
#Html.AntiForgeryToken()
}
so what it does....it will generate a unique token and when form will post then this unique toke will pass and as well as a cookie will pass with same unique token value and two unique data will compare at server end that both are equal or not. if not then some tamper occur.
i just do not understand if other form field value change or tamper then how that tampering can be determine. suppose we often store valuable data inside hidden fields. if i need to secure that hidden fields value then how AntiForgeryToken can help us?
can we use AntiForgeryToken to wrap up those valuable data inside it and later compare at server end.
can anyone give me bit of sample code by which i can put 3 valuable data in my page and if tamper then a friendly message will be show to user. guide me how to do it. thanks
The idea behind the AntiForgeryToken is to prevent data being posted from a "fake" source. An attacker using a fake (forged) form can trick the user to submit any kind of data using their current session context. As you can imagine this can do quite a lot of damage.
A way to prevent this is to have a hidden field on your forms containing user specific data(something random) that is stored in the session, so that the bad guys can't forge it. In this case when a user posts the data, but doesn't have the user specific token, you can treat is as being malicious.
I think you have a misconception that the anti forgery token is about detecting whether the data posted has been "tempered" with, which it is not.
Here is more on this.
I am sending over a series of array values from a posted form to an MVC3 Controller. I was hoping the default modelbinder would be able to parse this but I'm having some difficulty with it.
The array is in the following format:
order[0].[type]=some value.
I think this is the reason the model binder is not parsing my values because I'm not getting anything populated in my model.
What would be another way to handle this?
Probably need to post more of your code so I can see what you are doing exactly. However saying this you need to pass the model to the view/partial view on the response you are trying to retrieve on the post request.
If not you will have to iterate through the Form Collection that will be returned and the Actions Methods type e.g. ActionMethodName(FormCollection form), one issue is name versus id its the name of the Kendo UI control that is used to get the value not the id.
1As far as I remember the right format was:
orders[0].OrderID=13;
orders[0].Name="test";
orders[1].OrderID=15;
orders[1].Name="again test";
The indexing should start from 0 and increase by 1.
Check this out: http://haacked.com/archive/2008/10/23/model-binding-to-a-list.aspx
Fill the form with data
Proceed to fields' validation
if the validation pass, go to the a different.
In ASPNET NVC, I can put my data in Tempdata["myKey"] and recover it somewhere else.
How can I obtain the same result in WebMatrix?
Thanks for helping
There isn't a direct equivalent. You can use Session instead.
I am trying to assign a value to an item within the serialized object variable. How do I go about that? I have pasted below an excerpt of what the SESSION array looks like as key/value.
selected_region=18
delivery_region=18
cart=O:9:"cart":40:{s:16:"delivery_country";s:2:"US";s:16:"selected_country";s:2:"US";s:15:"delivery_region";s:2:"18";s:15:"selected_region";s:2:"18";s:24:"selected_shipping_method";s:9:"tablerate";s:24:"selected_shipping_option";s:10:"Table Rate";s:24:"selected_shipping_amount";d:8;s:6:"coupon";N;s:14:"tax_percentage";s:1:"0";s:9:"unique_id";s:40:"cdaa5a32e39b5470f21f43dd847e8cb1eb3d9327";s:6:"errors";a:0:{}s:9:"total_tax";i:0;s:13:"base_shipping";N;s:19:"total_item_shipping";N;s:14:"total_shipping";N;s:8:"subtotal";i:0;s:11:"total_price";N;s:13:"uses_shipping";N;s:13:"is_incomplete";b:1;s:10:"cart_items";a:0:{}s:9:"cart_item";O:14:"cart_item":34:
I am trying to assign say "selected_shipping_amount" to another value. How can I reach into that and assign it?
Thanks...
I think your only option is to unserialize it, assign the value and then serialize it again.
I am using the post and get methods for Ajax calls, and have a general question. There are two methods I've seen people use on the web:
Construct the URL and parameters by
hand
Use the data parameter
Both approaches work. I've included them below:
// Construct the POST URL by hand
queryStringDelimiter = "?";
settings.queryParam = "q";
$.post(settings.url + queryStringDelimiter + settings.queryParam + "=" + query, {}, callback, settings.contentType);
// Use the data param
$.post(settings.url, {q:query}, callback, settings.contentType);
Are there any situations where you would construct the URL and parameters by hand instead of using the built-in data parameter? Any advantages of one method over the other?
I'd say the data approach is better since it formalizes the process and reduces the chances of producing errors while string building. Besides, the JQuery library will do the string building for you so its basically the same amount of work.
No reason I can think of why one would construct them by hand unless they didn't know of the data parameter if there's more than 1 or 2 parameters, it's also cleaner to keep them separated so if you have to loop through the data object and possibly modify some values you'd just iterate over the object instead of parsing a string manually.
If you let jQuery concatenating the data in to the appropriately formatted string you...
avoid having to duplicate that code...
avoid worrying about escaping the data for transport...
can easily switch between GET and POST requests in the future...
Really, the only argument AGAINST using the data parameter is if you already have the data in a concatenated format.
If I am using a GET I tend to just construct the URL, but when using POST I use the data parameter.
I do it because it is closer to how I was doing ajax calls before jQuery, when I wrote everything myself.