刪除 - 控制器部分

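好的做法是抵制在 GET 請求中執行刪除操作的誘惑。這將是一個巨大的安全錯誤:GET 請求可能在使用者不知情的情況下被連結、圖片標籤、瀏覽器預先載入或搜尋引擎爬蟲觸發,而且通常不受防偽權杖(anti-forgery token)保護。刪除操作必須始終在 POST 方法中完成,GET 動作只用來顯示待刪除資料的確認頁面。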

    // GET: Student/Delete/5
    /// <summary>
    /// Shows the confirmation page for deleting a student. This GET action only reads data;
    /// the deletion itself is carried out by the POST overload of Delete.
    /// </summary>
    /// <param name="id">Identifier of the student to delete; may be missing from the request.</param>
    /// <returns>
    /// 400 Bad Request when no id was supplied, 404 Not Found when no student matches,
    /// otherwise the view rendered with the student that would be deleted.
    /// </returns>
    public ActionResult Delete(int? id)
    {
        // Validate the input first: a request without an id cannot be served.
        if (!id.HasValue)
        {
            return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
        }

        // Look the record up by its key (db.Students is presumably an Entity Framework set; confirm against the context class).
        var studentToDelete = db.Students.Find(id.Value);
        if (studentToDelete == null)
        {
            // No such student: answer with 404 rather than rendering an empty page.
            return HttpNotFound();
        }

        // Keep this action side-effect free: it only displays what the POST will remove.
        return View(studentToDelete);
    }

    // POST: Student/Delete/5
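    // Only POST requests reach this action, so following a link or loading an image cannot trigger the delete.
    [HttpPost]

    // Exposes this method under the action name "Delete".
    [ActionName("Delete")]

    // Rejects the request unless it carries a valid anti-forgery token. This protects against
    // cross-site request forgery (CSRF), not overposting; the form in the view has to emit the
    // token with @Html.AntiForgeryToken(). More details: http://stackoverflow.com/documentation/asp.net-mvc/1997/html-antiforgerytoke
    [ValidateAntiForgeryToken]
    /// <summary>
    /// Deletes the student with the given id and redirects to the Index action.
    /// </summary>
    /// <param name="id">Identifier of the student to delete.</param>
    /// <returns>
    /// 404 Not Found when no student matches; the Delete view with a model error when the
    /// removal fails; otherwise a redirect to Index.
    /// </returns>
    public ActionResult Delete(int id)
    {
        Student student = null;
        try
        {
            // Find the student.
            student = db.Students.Find(id);
            if (student == null)
            {
                // Previously a missing record made Remove(null) throw and the error was swallowed;
                // report it the same way the GET action does.
                return HttpNotFound();
            }

            // Remove it and persist the change.
            db.Students.Remove(student);
            db.SaveChanges();
        }
        catch
        {
            // TODO: write the exception to a log here; a failed delete should leave an audit trail.
            ModelState.AddModelError("", "Unable to save changes. Try again, and if the problem persists, see your system administrator.");

            // ModelState does not survive a redirect, so re-render the Delete view to let the
            // message reach the user (assumes the view shows a validation summary; confirm).
            if (student != null)
            {
                return View(student);
            }
            // If the lookup itself failed there is nothing to render; fall through to the redirect as before.
        }

        // Returns an HTTP 302 response, which makes the browser issue a GET request to the Index action.
        return RedirectToAction("Index");
    }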