This is something I have always suspected, but now I know for certain. If there is a posted value with the name ArticleID, a get value in the query string with the same name, and your action asks for "int ArticleID" then ASP.NET MVC 2 will give you the posted value and ignore the get value.
It makes good sense to me, but is nonetheless something every ASP.NET MVC developer should be aware of especially when dealing with security.
No comments:
Post a Comment