backport efeb039 from #11201 fixes #11540 [ci skip]

commit 5ddb94de08d551d86831e622bfdcf3e81196b19a 1 parent bddb73e
@zzak zzak authored
Showing with 6 additions and 11 deletions.
  1. +6 −11 guides/source/getting_started.md
17 guides/source/getting_started.md
@@ -531,29 +531,20 @@ and change the `create` action to look like this:
```ruby
def create
- @post = Post.new(post_params)
+ @post = Post.new(params[:post])
@post.save
redirect_to @post
end
-
-private
- def post_params
- params.require(:post).permit(:title, :text)
- end
```
Here's what's going on: every Rails model can be initialized with its
respective attributes, which are automatically mapped to the respective
database columns. In the first line we do just that (remember that
-`post_params` contains the attributes we're interested in). Then,
+`params[:post]` contains the attributes we're interested in). Then,
`@post.save` is responsible for saving the model in the database.
Finally, we redirect the user to the `show` action,
which we'll define later.
-TIP: Note that `def post_params` is private. This new approach prevents an
-attacker from setting the model's attributes by manipulating the hash passed
-to the model. For more information, refer to [this blog post about Strong Parameters](http://weblog.rubyonrails.org/2012/3/21/strong-parameters/).
-
TIP: As we'll see later, `@post.save` returns a boolean indicating
whether the model was saved or not.
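Review bot: In the `create` snippet, `Post.new(params[:post])` hands the entire request hash to the model with no allow-list, and the prose that follows ("`params[:post]` contains the attributes we're interested in") presents it as the finished form. The removed `params.require(:post).permit(:title, :text)` was the only thing in this example restricting which attributes a client can set. If the unfiltered version is meant as an interim step, add a sentence right after the code block saying it will be replaced by a permitted-parameters version later in the guide, so readers do not copy it as is.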
@@ -627,6 +618,10 @@ Visit <http://localhost:3000/posts/new> and give it a try!
![Show action for posts](images/getting_started/show_action_for_posts.png)
+TIP: Note that `def post_params` is private. This new approach prevents an
+attacker from setting the model's attributes by manipulating the hash passed
+to the model. For more information, refer to [this blog post about Strong Parameters](http://weblog.rubyonrails.org/2012/3/21/strong-parameters/).
+
### Listing all posts
We still need a way to list all our posts, so let's do that.
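Review bot: The TIP added after the show-action image opens with "Note that `def post_params` is private", but the earlier hunk of this patch removes the `post_params` definition from the `create` example, and no definition appears in the context lines here. Confirm the guide introduces `post_params` somewhere between the two hunks before this TIP is reached; otherwise the TIP names a method the reader has not seen. "This new approach" also needs an antecedent at its new position, for example by naming `require`/`permit` explicitly in the sentence.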