[RUBY] About rails strong parameters

What are strong parameters?

Is the parameter sent from the web to the server the intended data? It is a mechanism to acquire and register after verification. __view file __

sample.html


<%= form_for @sample do |f| %>
 <div class="name_from">
   <%= f.text_field :name, placeholder: "Enter your username" %>
 </div>
 
<div class="addles_from">
   <%= f.text_field :addles, placeholder: "Enter your address" %>
 </div>
 
<div class="mail_from">
   <%= f.text_field :mail, placeholder: "Enter your email address" %>
 </div>

 <div class="actions">
  <%= f.submit %>
</div>
<% end %>

controller

sample_controller.rb


def index
end

def create
  Sample.create(sample_params)
end

private

def sample_params
  params.permit(:name, :mail)
end

Processing order The request parameters entered on the screen are hashed and passed to the controlr's action. I will omit it a lot, but this time, I will proceed assuming that the process is passed to the create action. When the process is passed to the __create action __, the __sample_params action __ is called in the action. In the __sample_params action __, the request parameter will only get the intended value. The __params.permit method __ is used. This __permit method __ is pretty important, and if you use this method, Gets only the intended request parameters, creates a new hash type, and returns a value in the create action. This time, it is easy to understand, and the argument of __permit method __ is only : name,: mail. The request parameters are __ {name: "aaa", addles: "Tokyo", mail: "bbb @ bbb"} __ It was sent to the server and the value of the request parameter was sent to the create action of the sample controller. Three parameters have been sent, but the only values I want are the values : name,: mail, so they were sent. __addles: "Tokyo" is played. __ In this way, in order to prevent unintended values from being transmitted, falsifying data, and registering illegal data, Strong parameters are required. Roughly speaking, strong parameters are such a mechanism to acquire only the intended parameters. By the way, the value of the parameter returned by the __permit method __ is like this. When sending (request parameter __ {name: "aaa", addles: "Tokyo", mail: "bbb @ bbb"} __

Return value after processing __permit method __ {name: "aaa", mail: "bbb@bbb"} It removes unnecessary parameters in this way and returns a new hash.

Recommended Posts

About rails strong parameters
About Rails 6
[Strong parameters]
About require when setting strong parameters
[Rails] Add strong parameters to devise
About Rails routing
About Rails controller
About RSpec (Rails)
[Rails] About migration files
[Rails] About active hash
About rails application server
About rails kaminari pagination
About rails version specification
Summary of strong parameters
MEMO about Rails 6 series
[Rails] About Slim notation
[rails] About devise defaults
Rails: About partial templates
[Beginner] About Rails Session
[Rails] How to get the contents of strong parameters
about the where method (rails)
Enable strong parameters in devise
[Ruby on Rails] about has_secure_password
About naming Rails model methods
[Rails] About scss folder structure
[Rails] About Rspec response test
About Rails scraping method Mechanize
[Rails] About the Punk List function
About the symbol <%%> in Rails erb
[Rails] About implementation of like function
[Rails] About helper method form_with [Basic]
About =
[Ruby on Rails] About bundler (for beginners)
[Rails 6.0] About batch saving of multiple records
[Ruby on Rails] About Active Record callbacks
Rails: A little summary about data types