# The second create action

## Preparing the second create action method

Let us prepare the second create action method which will actually let the user create a new movie. But how is this called?

If you notice the last block of the Create.cshtml file, is has a button (input field):

```cshtml
<div class="form-group">
    <input type="submit" value="Create" class="btn btn-primary" />
</div>
```

This does the job of calling the second create method, which is an http POST call!

### The current code in second create method

This is how the current code looks, which is a generic one emitted by the scaffolding. We need to modify it to be able to receive and process the movie info passed by the user via browser:

```csharp
// POST: MoviesController/Create
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Create(IFormCollection collection)
{
    try
    {
        return RedirectToAction(nameof(Index));
    }
    catch
    {
        return View();
    }
}
```

### Modify the code as shown below

```csharp
// POST: MoviesController/Create
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Create(Movie movie)
{
    if (ModelState.IsValid)
    {
        //todo: code to add movie
        return RedirectToAction(nameof(Index));
    }
    //send back what the user entered and don't present a blank form again!
    return View(movie);
}
```

Note the following in this code:

* The method is accepting a movie object. So, we need the right name spaces for using this model.
* ModelState is an object inherited from the controller base. We are checking if the passed object is valid.
* If it is invalid, we need to send it back. So that the user will reenter the data.
* If it is valid, we need to add the same to our collection. And then, Return back to the index view.

{% hint style="info" %}
The movie object which the `create` action method is expecting is created by the framework by extracting the HTML form elements, this process is called binding.
{% endhint %}

### Let us further modify the code&#x20;

Let us save the movie in the fake context and also do some safety checks as shown:

```csharp
// POST: MoviesController/Create
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Create([Bind("Id,Title,ReleaseDate,Genre,Price")] Movie movie)
{
    if (ModelState.IsValid)
    {
        _context.Add(movie);
        return RedirectToAction(nameof(Index));
    }
    //send back what the user entered and don't present a blank form again!
    return View(movie);
}
```

**Note**

* The \[HttpPost] attribute is required because we need to differentiate it from the get version of the create action
* To protect from overposting attacks, enable the specific properties you want to bind to. For more details, see <http://go.microsoft.com/fwlink/?LinkId=317598>
* Also, we need to protect are endpoints from cross site forgery attacks. You can read more about it here:&#x20;

{% embed url="<https://owasp.org/www-community/attacks/csrf>" %}

### We need to now implement the add method in our fake context as shown:

#### Implement add method in fake context

Add a method in the fake context class as shown below:

```csharp
public void Add(Movie movie) => Movie.Add(movie);
```

{% hint style="danger" %}
The new movie information will not be persisted since we are not using a database. If we still want persist data (at least temporarily) without a database, we can make the required class, methods and movie collection **static**!
{% endhint %}