Welcome to the Treehouse Community
Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.
Looking to learn something new?
Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.
Start your free trial
Roy Huang
4,367 PointsWhen do we need to use strong params?
Hello I was on Rails track and now trying to build a todo list.
When I was trying to mark item as complete, I have a method call complete in my todo_item controllers. It has to update attribute:complete_at, like below
def complete
@todo_item = @todo_list.todo_items.find(params[:id])
@todo_item.update_attribute(:completed_at, Time.now)
redirect_to todo_list_todo_items_path, notice: "Todo item marked as complete."
end
however, since it update the attribute, why doesn't it need a strong params methods for it? I don't know when and howe do I use it.
Thanks in advance.
1 Answer
Maciej Czuchnowski
36,441 PointsThis method finds one object and modifies (updates) one particular property on that particular object directly. Strong parameters are necessary if updated properties (or properties of a newly created object) come from some external sources - like forms - as hashes and are mass-assigned in one go. So basically, whenever you're creating or editing things through forms, you need to pass them through strong parameters (i.e. enable mass-assignment; otherwise they will be saved in the database as nil or not updated at all).
Maciej Czuchnowski
36,441 PointsMaciej Czuchnowski
36,441 PointsI think this should explain the point a bit: http://www.lynda.com/Ruby-Rails-tutorials/Mass-assignment-strong-parameters/139989/159116-4.html