aboutsummaryrefslogtreecommitdiffstats
path: root/guides/source/getting_started.md
diff options
context:
space:
mode:
Diffstat (limited to 'guides/source/getting_started.md')
-rw-r--r--guides/source/getting_started.md17
1 files changed, 12 insertions, 5 deletions
diff --git a/guides/source/getting_started.md b/guides/source/getting_started.md
index beb51c7161..393ed671b0 100644
--- a/guides/source/getting_started.md
+++ b/guides/source/getting_started.md
@@ -64,7 +64,7 @@ Creating a New Rails Project
The best way to use this guide is to follow each step as it happens, no code or
step needed to make this example application has been left out, so you can
literally follow along step by step. You can get the complete code
-[here](https://github.com/lifo/docrails/tree/master/guides/code/getting_started).
+[here](https://github.com/rails/docrails/tree/master/guides/code/getting_started).
By following along with this guide, you'll create a Rails project called
`blog`, a
@@ -531,21 +531,28 @@ and change the `create` action to look like this:
```ruby
def create
- @post = Post.new(params[:post])
-
+ @post = Post.new(post_params)
+
@post.save
redirect_to @post
end
+
+private
+ def post_params
+ params.require(:post).permit(:title, :text)
+ end
```
Here's what's going on: every Rails model can be initialized with its
respective attributes, which are automatically mapped to the respective
database columns. In the first line we do just that (remember that
-`params[:post]` contains the attributes we're interested in). Then,
+`post_params` contains the attributes we're interested in). Then,
`@post.save` is responsible for saving the model in the database.
Finally, we redirect the user to the `show` action,
which we'll define later.
+TIP: Note that `def post_params` is private. This new approach prevents an attacker from setting the model's attributes by manipulating the hash passed to the model. For more information, refer to [this blog post about Strong Parameters](http://weblog.rubyonrails.org/2012/3/21/strong-parameters/).
+
TIP: As we'll see later, `@post.save` returns a boolean indicating
whether the model was saved or not.
@@ -1655,7 +1662,7 @@ Two very common sources of data that are not UTF-8:
in the browser. This also applies to your i18n translation files.
Most editors that do not already default to UTF-8 (such as some versions of
Dreamweaver) offer a way to change the default to UTF-8. Do so.
-* Your database. Rails defaults to converting data from your database into UTF-8 at
+* Your database: Rails defaults to converting data from your database into UTF-8 at
the boundary. However, if your database is not using UTF-8 internally, it may not
be able to store all characters that your users enter. For instance, if your database
is using Latin-1 internally, and your user enters a Russian, Hebrew, or Japanese
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-04 02:14:29 +0000