
Update Getting Started Guide - Strong Parameters [ci skip]

	modified:   guides/source/
1 parent 2fc4793 commit 2b4fa6dd673983f3c463ccb70641d33aa12cc44a @AJ-Acevedo AJ-Acevedo committed with steveklabnik Jun 7, 2013
Showing with 11 additions and 4 deletions.
  1. +11 −4 guides/source/
15 guides/source/
@@ -531,21 +531,28 @@ and change the `create` action to look like this:
def create
- @post =[:post])
+ @post =
- redirect_to @post
+ redirect_to @post
+ def post_params
+ params.require(:post).permit(:title, :text)
+ end
Here's what's going on: every Rails model can be initialized with its
respective attributes, which are automatically mapped to the respective
database columns. In the first line we do just that (remember that
-`params[:post]` contains the attributes we're interested in). Then,
+`post_params` contains the attributes we're interested in). Then,
`` is responsible for saving the model in the database.
Finally, we redirect the user to the `show` action,
which we'll define later.
+TIP: Note that `def post_params` is private. This new approach prevents an attacker from setting the model's attributes by manipulating the hash passed to the model. For more information, refer to [this blog post about Strong Parameters](
TIP: As we'll see later, `` returns a boolean indicating
whether the model was saved or not.
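Review bot: The added TIP states that `def post_params` is private, but in the lines shown here `def post_params` is added with no `private` line above it. The guide's example should show `private` before the method so readers copy it that way, because Rails treats public controller methods as actions. The TIP's second sentence also overstates the effect: `params.require(:post).permit(:title, :text)` still lets the request set `title` and `text` and only drops every other key. Wording along the lines of "only the permitted attributes can be set from the request" would be more accurate, and naming the problem it addresses (mass assignment) would help readers who search for it.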
