ForbiddenAttributesError

[Naresh Jilla]

hi,
i just create normal form and my form is diplays fine but when i am
entering values in the field it will shown following error

ActiveModel::ForbiddenAttributesError
Extracted source (around line #6):


4.end
5.def create
6.@student = Student.new(params[:student])
7.if @student.save
8.redirect_to new_student_path
9.end

This is my controller

class StudentsController < ApplicationController
def new
@student = Student.new
end
def create
@student = Student.new(params[:student])
if @student.save
redirect_to new_student_path
end
end
end

--
Posted via http://www.ruby-forum.com/.

[Colin Law]

On 13 December 2015 at 14:12, Naresh Jilla <li...@ruby-forum.com> wrote:
> hi,
> i just create normal form and my form is diplays fine but when i am
> entering values in the field it will shown following error
>
> ActiveModel::ForbiddenAttributesError
> Extracted source (around line #6):

Have you worked right through the tutorial I suggested, including the exercises?

Colin

[Naresh Jilla]

Colin Law wrote in post #1179879:

yes sir with that basic only i am design this form evrey thing is fine
but at last i got this error....

[Tobias Feistmantl]

Hi!

Take a look into strong parameters.

Since Rails 4, you couldn't just forward a complete params hash to your model. You could but you have to deactivate Strong Parameters before. Anyways, I highly recommend you to follow this practices since your approach opens a really big vulnerability.

For example:

You have an attribute "role" in your model. The user just have to add the attribute "role" to the parameters and is able to modify this protected attribute.

Happy coding :)