Roy Huang4,367 Points
When do we need to use strong params?
Hello I was on Rails track and now trying to build a todo list.
When I was trying to mark item as complete, I have a method call complete in my todo_item controllers. It has to update attribute:complete_at, like below
def complete @todo_item = @todo_list.todo_items.find(params[:id]) @todo_item.update_attribute(:completed_at, Time.now) redirect_to todo_list_todo_items_path, notice: "Todo item marked as complete." end
however, since it update the attribute, why doesn't it need a strong params methods for it? I don't know when and howe do I use it.
Thanks in advance.
Maciej Czuchnowski36,429 Points
This method finds one object and modifies (updates) one particular property on that particular object directly. Strong parameters are necessary if updated properties (or properties of a newly created object) come from some external sources - like forms - as hashes and are mass-assigned in one go. So basically, whenever you're creating or editing things through forms, you need to pass them through strong parameters (i.e. enable mass-assignment; otherwise they will be saved in the database as nil or not updated at all).