How todiffer if params are set through form or through url
10 views
Skip to first unread message
Damjan Rems
Apr 14, 2013, 12:13:11 PM4/14/13
to rubyonra...@googlegroups.com
Is there a way to differ if params are set through form submit:
<%= form_tag action: 'login', method: :put do %>
<%= text_field('record','username') %>
<%= password_field('record','password') %>
<%= submit_tag %>
or through url
http://some.site/login?record[username]=user&record[password]=pwd
In both cases they appear in controller as params[:record][:user] and
params[:record][:password]
The idea is to prevent the second scenario.
by
TheR
--
Posted via http://www.ruby-forum.com/.
<%= form_tag action: 'login', method: :put do %>
<%= text_field('record','username') %>
<%= password_field('record','password') %>
<%= submit_tag %>
or through url
http://some.site/login?record[username]=user&record[password]=pwd
In both cases they appear in controller as params[:record][:user] and
params[:record][:password]
The idea is to prevent the second scenario.
by
TheR
--
Posted via http://www.ruby-forum.com/.
Colin Law
Apr 14, 2013, 12:21:58 PM4/14/13
to rubyonra...@googlegroups.com
On 14 April 2013 17:13, Damjan Rems <li...@ruby-forum.com> wrote:
> Is there a way to differ if params are set through form submit:
>
> <%= form_tag action: 'login', method: :put do %>
> <%= text_field('record','username') %>
> <%= password_field('record','password') %>
> <%= submit_tag %>
>
> or through url
>
> http://some.site/login?record[username]=user&record[password]=pwd
>
> In both cases they appear in controller as params[:record][:user] and
> params[:record][:password]
The second one will appear as a GET, not a POST.
> Is there a way to differ if params are set through form submit:
>
> <%= form_tag action: 'login', method: :put do %>
> <%= text_field('record','username') %>
> <%= password_field('record','password') %>
> <%= submit_tag %>
>
> or through url
>
> http://some.site/login?record[username]=user&record[password]=pwd
>
> In both cases they appear in controller as params[:record][:user] and
> params[:record][:password]
Colin
Frederick Cheung
Apr 15, 2013, 3:18:43 AM4/15/13
to rubyonra...@googlegroups.com
On Sunday, April 14, 2013 5:13:11 PM UTC+1, Ruby-Forum.com User wrote:
> Is there a way to differ if params are set through form submit:
>
> Is there a way to differ if params are set through form submit:
>
> or through url
>
> http://some.site/login?record[username]=user&record[password]=pwd
>
> In both cases they appear in controller as params[:record][:user] and
>
> params[:record][:password]
>
> The idea is to prevent the second scenario.
>
If I only wanted an action to be accessible via the put method, I'd setup the corresponding route(s) to enforce that for me (ie don't use match, use the verb you actually expect)>
> http://some.site/login?record[username]=user&record[password]=pwd
>
> In both cases they appear in controller as params[:record][:user] and
>
> params[:record][:password]
>
> The idea is to prevent the second scenario.
>
Fred
Reply all
Reply to author
Forward
0 new messages