Rails Permitting Parameters

3
votes

In Rails 4, typically I would only permit certain parameters when a form is submitted by declaring a private function with the following code:

params.require(:object).permit(:name, :email, :phone)

However, I'm using form_tag instead of form_for and therefore each field is submitted in the params hash. As I'm not a ruby/rails expert, what's the best way to permit these parameters in an efficient way?

Is this right?

params.require(:params).permit(:name, :email, :phone)
2
ruby-on-railsruby-on-rails-4
i think you could answer your own question here. Did it work when you tried to use that? If so, then it is right! :)ddavison
you can safely remove the require(:params)Damien
Please answer as correct if it helped you. thx :)BvuRVKyUVlViVIc7

2 Answers

4
votes

I think this is the correct solution:

params.permit(:name, :email, :phone)
1
votes

You can alter the params.permit line like Lichtamberg suggested, however depending on your implementation, you might break other other routes (especially the RESTful ones). If this is the only page that behaves like this (with the form_tag), one thing you can do is alter the form inputs to match the structure of a regular form_for form by passing in the name of the variable, like so:

<%= label_tag :object, :name %>
<%= text_field_tag :object, :name %>

This then results in a parameter map that looks like: 

{
    :object => {
        :name => "tommyd456",
        :email => "[email protected]"
        ...etc ...etc

Which is then perfectly valid for the original params.require(:object) line.

Check out this link from the Rails documentation for more info.