kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity

Merge pull request #11201 from jetthoughts/fix_create_post_example_in_getting_started

Browse source 
Improve Getting Started Guide
This commit is contained in:
Yves Senn 2013-07-05 03:00:46 -07:00
commit efeb03901f
1 changed files with 10 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
guides/source/getting_started.md
View file

@ -531,27 +531,19 @@ and change the `create` action to look like this:
```ruby
def create
@post = Post.new(post_params)
@post = Post.new(params[:post])
@post.save
redirect_to @post
end
private
def post_params
params.require(:post).permit(:title, :text)
end
```
Here's what's going on: every Rails model can be initialized with its
respective attributes, which are automatically mapped to the respective
database columns. In the first line we do just that (remember that
`post_params` contains the attributes we're interested in). Then,
`@post.save` is responsible for saving the model in the database.
Finally, we redirect the user to the `show` action,
which we'll define later.
TIP: Note that `def post_params` is private. This new approach prevents an attacker from setting the model's attributes by manipulating the hash passed to the model. For more information, refer to [this blog post about Strong Parameters](http://weblog.rubyonrails.org/2012/3/21/strong-parameters/).
database columns. In the first line we do just that
(remember that `params[:post]` contains the attributes we're interested in).
Then, `@post.save` is responsible for saving the model in the database.
Finally, we redirect the user to the `show` action, which we'll define later.
TIP: As we'll see later, `@post.save` returns a boolean indicating
whether the model was saved or not.
@ -631,6 +623,11 @@ Visit <http://localhost:3000/posts/new> and give it a try!
![Show action for posts](images/getting_started/show_action_for_posts.png)
TIP: Note that `def post_params` is private. This new approach prevents an attacker from
setting the model's attributes by manipulating the hash passed to the model.
For more information, refer to
[this blog post about Strong Parameters](http://weblog.rubyonrails.org/2012/3/21/strong-parameters/).
### Listing all posts
We still need a way to list all our posts, so let's do that.