author | Yves Senn <yves.senn@gmail.com> | 2013-07-05 03:00:46 -0700 |
---|---|---|
committer | Yves Senn <yves.senn@gmail.com> | 2013-07-05 03:00:46 -0700 |
commit | efeb03901f443186da4bd1d5748b27f3cf390d06 (patch) | |
tree | afbfd3eff4905dcc2628d6c7a4bd6f3662bca193 /guides | |
parent | 37aaaa7e70e7e4b1ebd3567ec6d026384350bd1e (diff) | |
parent | 24ec5697c5ed132784ad5d7a591f391f5e141ace (diff) | |
Merge pull request #11201 from jetthoughts/fix_create_post_example_in_getting_started
Improve Getting Started Guide
Diffstat (limited to 'guides')
-rw-r--r-- | guides/source/getting_started.md | 23 |
1 files changed, 10 insertions, 13 deletions
diff --git a/guides/source/getting_started.md b/guides/source/getting_started.md index caa85b2ab0..c785fd1f8c 100644 --- a/guides/source/getting_started.md +++ b/guides/source/getting_started.md @@ -531,27 +531,19 @@ and change the `create` action to look like this: ```ruby def create - @post = Post.new(post_params) + @post = Post.new(params[:post]) @post.save redirect_to @post end - -private - def post_params - params.require(:post).permit(:title, :text) - end ``` Here's what's going on: every Rails model can be initialized with its respective attributes, which are automatically mapped to the respective -database columns. In the first line we do just that (remember that -`post_params` contains the attributes we're interested in). Then, -`@post.save` is responsible for saving the model in the database. -Finally, we redirect the user to the `show` action, -which we'll define later. - -TIP: Note that `def post_params` is private. This new approach prevents an attacker from setting the model's attributes by manipulating the hash passed to the model. For more information, refer to [this blog post about Strong Parameters](http://weblog.rubyonrails.org/2012/3/21/strong-parameters/). +database columns. In the first line we do just that +(remember that `params[:post]` contains the attributes we're interested in). +Then, `@post.save` is responsible for saving the model in the database. +Finally, we redirect the user to the `show` action, which we'll define later. TIP: As we'll see later, `@post.save` returns a boolean indicating whether the model was saved or not. 
@@ -631,6 +623,11 @@ Visit <http://localhost:3000/posts/new> and give it a try! ![Show action for posts](images/getting_started/show_action_for_posts.png) +TIP: Note that `def post_params` is private. This new approach prevents an attacker from +setting the model's attributes by manipulating the hash passed to the model. +For more information, refer to +[this blog post about Strong Parameters](http://weblog.rubyonrails.org/2012/3/21/strong-parameters/). + ### Listing all posts We still need a way to list all our posts, so let's do that. |
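Review bot: In the first hunk (`@@ -531,27 +531,19 @@`), the `create` example now passes the raw request hash to the model with `@post = Post.new(params[:post])`, and the reworded prose ("remember that `params[:post]` contains the attributes we're interested in") presents that as the finished form. The removed lines were the only place in this passage that restricted the assignable attributes (`params.require(:post).permit(:title, :text)`), and the TIP explaining why was removed along with them. If the guide intends to show the unfiltered form first and introduce `post_params` later, say so right here: add one sentence after the code block stating that `params[:post]` carries every field the client submitted, not only `title` and `text`, and that the action is revised later to permit specific attributes. Otherwise a reader who stops at this section copies a mass-assignment pattern with no hint that it is incomplete.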
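Review bot: In the second hunk (`@@ -631,6 +623,11 @@`), the relocated TIP sits between the show-action screenshot and the `### Listing all posts` heading, so "This new approach" and `def post_params` have no visible referent in the surrounding context. Place the TIP directly after the code block that defines `post_params` instead. The wording also reads as if making the method private is what stops an attacker; the protection described in the linked Strong Parameters post comes from the `require`/`permit` call, as in the `params.require(:post).permit(:title, :text)` line removed by the first hunk. Suggest rewording so the first sentence names the permitted list as the control and mentions `private` only as keeping the helper from being routed as an action.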