The second create action

Preparing the second create action method

Let us prepare the second create action method which will actually let the user create a new movie. But how is this called?

If you notice the last block of the Create.cshtml file, is has a button (input field):

<div class="form-group">
    <input type="submit" value="Create" class="btn btn-primary" />
</div>

This does the job of calling the second create method, which is an http POST call!

The current code in second create method

This is how the current code looks, which is a generic one emitted by the scaffolding. We need to modify it to be able to receive and process the movie info passed by the user via browser:

// POST: MoviesController/Create
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Create(IFormCollection collection)
{
    try
    {
        return RedirectToAction(nameof(Index));
    }
    catch
    {
        return View();
    }
}

Modify the code as shown below

// POST: MoviesController/Create
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Create(Movie movie)
{
    if (ModelState.IsValid)
    {
        //todo: code to add movie
        return RedirectToAction(nameof(Index));
    }
    //send back what the user entered and don't present a blank form again!
    return View(movie);
}

Note the following in this code:

• The method is accepting a movie object. So, we need the right name spaces for using this model.

• ModelState is an object inherited from the controller base. We are checking if the passed object is valid.

• If it is invalid, we need to send it back. So that the user will reenter the data.

• If it is valid, we need to add the same to our collection. And then, Return back to the index view.

The movie object which the create action method is expecting is created by the framework by extracting the HTML form elements, this process is called binding.

Let us further modify the code

Let us save the movie in the fake context and also do some safety checks as shown:

// POST: MoviesController/Create
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Create([Bind("Id,Title,ReleaseDate,Genre,Price")] Movie movie)
{
    if (ModelState.IsValid)
    {
        _context.Add(movie);
        return RedirectToAction(nameof(Index));
    }
    //send back what the user entered and don't present a blank form again!
    return View(movie);
}

Note

• The [HttpPost] attribute is required because we need to differentiate it from the get version of the create action

• To protect from overposting attacks, enable the specific properties you want to bind to. For more details, see http://go.microsoft.com/fwlink/?LinkId=317598

• Also, we need to protect are endpoints from cross site forgery attacks. You can read more about it here:

Cross Site Request Forgery (CSRF) | OWASP Foundationowasp.org

We need to now implement the add method in our fake context as shown:

Implement add method in fake context

Add a method in the fake context class as shown below:

public void Add(Movie movie) => Movie.Add(movie);

The new movie information will not be persisted since we are not using a database. If we still want persist data (at least temporarily) without a database, we can make the required class, methods and movie collection static!