This project is read-only.

A question in Using Data Annotations

Dec 27, 2010 at 11:17 AM

Hi there, I have a question in Using Data Annotations.


in fllowing code:

namespace MvcMusicStore.Models
    public partial class Album
        // Validation rules for the Album class
        [Bind(Exclude = "AlbumId")]
        public class AlbumMetaData
            public object AlbumId { get; set; }
            public object GenreId { get; set; }
            public object ArtistId { get; set; }
            [Required(ErrorMessage = "An Album Title is required")]
            public object Title { get; set; }
            [DisplayName("Album Art URL")]
            public object AlbumArtUrl { get; set; }
            [Required(ErrorMessage = "Price is required")]
            [Range(0.01, 100.00, ErrorMessage = "Price must be between 0.01 and 100.00")]
            public object Price { get; set; }


what does "[Bind(Exclude = "AlbumId, Price")]" mean? I think it means to exclude the AlbumId property, if this is true, why we still define the ScaffoldColumn(false) attribute?


Thanks for your help!

Dec 27, 2010 at 8:21 PM

Great question!

The ScaffoldColumn attribute is used to control whether values are shown on display templates and edit fields are shown on editor templates. Setting ScaffoldColumn(false) means that the user won't be be shown the value.

However, a malicious user could still tamper with the form and post additional information that we weren't expected. The Bind attribute allows us to specifiy a list of Included and Excluded fields which are used during binding. Brad Wilson (one of the ASP.NET MVC developers) has a great explanation of this in his post on Input Validation vs. Model Validation in ASP.NET MVC - see the section on "The Over-Posting Problem" -

ScaffoldColumn is concerned with what is displayed to the user, whereas Bind is concerned with accepting input from the user. Make sense?


Dec 28, 2010 at 4:45 AM

Thank for your quickly response! I have a bit got it.

[Bind(Exclude = "AlbumId")] disable the bind in Server Side, and [ScaffoldColumn(false)] parsed by MVC Framewrok and avoid to put to Client side?
If I deleted the field in view(aspx), it also can make this field hide in Client, so is it [ScaffoldColumn(false)] not very necessary?

 Just let me think for a while....