While watching lectures on Rails, a question arose:
Suppose, for example, a user sent a request like this:

http://exmaple.com/find/?id[id]=1&id[hacker]=awesome_hacker 

If I write Users.find(params.id) in the code, then all the parameters will be passed to the model.
How can I avoid this? If I write User.find(params.require(:id)), nothing will change.

    2 answers

    params[:id][:id] ?

    • I don't quite understand you. The problem is that id is not an object; it can only be a number. How can we filter the data for this? Or just put the filter in the model? - Arc
    • Then the problem is what you send, not how you handle it. Show the form, what is in there. - Vladimir Gordeev

    The question is quite interesting.

    params is not just a hash, but an object of a particular class.

    require gets the hash value by key.

    permit defines which parameters of the resource are allowed to pass their values to the controller. We specify only what we want to receive. If hacker is not specified here, the controller will not process it.

    Everything you need to know about routes, params and forms in Rails
    ActionController::Parameters
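
An added example, not part of the original answers: plain Ruby (no Rails needed) showing what the request from the question turns into and how a scalar check rejects it. `parse_query`, `scalar_id` and `permit_scalars` are hypothetical helpers; `parse_query` is a simplified stand-in for Rack/Rails nested-parameter parsing, and `permit_scalars` imitates the scalar-only behaviour of `permit(:id)`.

```ruby
require "uri"

# Simplified stand-in for Rack/Rails nested query parsing (one bracket level
# only). It shows that "id[id]=1" makes params["id"] a Hash, not a String.
def parse_query(query)
  URI.decode_www_form(query).each_with_object({}) do |(key, value), params|
    if (m = key.match(/\A([^\[\]]+)\[([^\[\]]+)\]\z/))
      outer = params[m[1]]
      outer = params[m[1]] = {} unless outer.is_a?(Hash)
      outer[m[2]] = value
    else
      params[key] = value
    end
  end
end

# Hypothetical helper: accept the id only when it is a plain string of
# decimal digits. A Hash or Array (nested parameters) yields nil, so the
# caller can answer with 400/404 instead of handing a structure to the model.
def scalar_id(params)
  raw = params["id"]
  return nil unless raw.is_a?(String) && raw.match?(/\A\d{1,18}\z/)
  raw.to_i
end

# Hypothetical imitation of permit(:id): keep only the listed keys, and only
# when their value is a scalar. Nested hashes under a listed key are dropped.
def permit_scalars(params, *keys)
  params.select do |key, value|
    keys.include?(key) && (value.is_a?(String) || value.is_a?(Numeric))
  end
end

# Constructed sample inputs: the query string from the question and a normal one.
ATTACK_QUERY = "id[id]=1&id[hacker]=awesome_hacker"
NORMAL_QUERY = "id=42&admin=1"

if __FILE__ == $PROGRAM_NAME
  [ATTACK_QUERY, NORMAL_QUERY].each do |query|
    params = parse_query(query)
    puts "query:     #{query}"
    puts "parsed:    #{params.inspect}"
    puts "scalar_id: #{scalar_id(params).inspect}"
    puts "permitted: #{permit_scalars(params, 'id').inspect}"
    puts
  end
end
```

In a real controller the same idea is `params.permit(:id)` or an explicit type check on `params[:id]` before calling `find`; `require(:id)` alone returns the nested object unchanged.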