Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

use strong_params in example

  • Loading branch information...
commit 760662de868c0311f2e40a5e6f8982a521a3d990 1 parent bae07dc
@Mik-die Mik-die authored
Showing with 6 additions and 1 deletion.
  1. +6 −1 guides/source/engines.md
View
7 guides/source/engines.md
@@ -393,10 +393,15 @@ The form will be making a `POST` request to `/posts/:post_id/comments`, which wi
```ruby
def create
@post = Post.find(params[:post_id])
- @comment = @post.comments.create(params[:comment])
+ @comment = @post.comments.create(comment_params)
flash[:notice] = "Comment has been created!"
redirect_to posts_path
end
+
+private
+def comment_params
+ params.require(:comment).permit(:text)
+end
```
This is the final part required to get the new comment form working. Displaying the comments however, is not quite right yet. If you were to create a comment right now you would see this error:
Please sign in to comment.
Something went wrong with that request. Please try again.