Saturday, December 17, 2011

AllowUnsafeUpdates in SharePoint 2010

Here we will discuss about What is AllowUnsafeUpdates in SharePoint 2010?

Also check out:

- Get all security group names using SharePoint object model

- Get icon for different file types in SharePoint 2010

- Twitter SharePoint webpart

According to msdn The AllowUnsafeUpdates property of the SPWeb class gets or sets a Boolean value that specifies whether to allow updates to the database as a result of a GET request or without requiring a security validation.

If you set it to true, then it will update values to the content database but there is a security risk.

It always took boolean values, TRUE means unsafe updates are allowed, FALSE means unsafe updates are not allowed.

If you are developing a webpage that will respond to HTTP GET requests, or a custom web form page that doesn’t inherit from the WebPartPage type and doesn’t use the Form Digest control, you will need to instruct SharePoint to skip the digest validation; otherwise, your code will not work.

For example if you want to change a list's title by using object model then you have use the
AllowUnsafeUpdates property as below.

SPWeb web = SPContext.Current.Web
SPList list = web.Lists["OurCustomList"];
web.AllowUnsafeUpdates = true;
list.Title = "My List Title Changed";
web.AllowUnsafeUpdates = false;
It is always advisable to revert the AllowUnsafeUpdates value to false after executing your code.

Remember if you inherit the page from WebPartPage class then no need to use AllowUnsafeUpdates.

No comments:

Post a Comment