Hi!

Take a look into strong parameters 
<http://api.rubyonrails.org/classes/ActionController/Parameters.html>.

Since Rails 4, you can't just forward a complete params hash to your 
model. You could, but you would have to deactivate Strong Parameters first. 
Anyway, I highly recommend you follow these practices, since your 
approach opens a really big vulnerability.

For example:

You have an attribute "role" in your model. The user just has to add the 
attribute "role" to the parameters and is able to modify this protected 
attribute.

Happy coding :)

On Sunday, 13 December 2015 15:50:41 UTC+1, Ruby-Forum.com User wrote:
>
> Hi, 
> I just created a normal form and my form displays fine, but when I am 
> entering values in the field it shows the following error 
>
> ActiveModel::ForbiddenAttributesError 
> Extracted source (around line #6): 
>
>
> 4.end 
> 5.def create 
> 6.@student = Student.new(params[:student]) 
> 7.if @student.save 
> 8.redirect_to new_student_path 
> 9.end 
>
> This is my controller 
>
> class StudentsController < ApplicationController 
>   def new 
>     @student = Student.new 
>   end 
>
>   def create 
>     @student = Student.new(params[:student]) 
>     if @student.save 
>       redirect_to new_student_path 
>     end 
>   end 
> end 
>
> -- 
> Posted via http://www.ruby-forum.com/. 
>
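
The "role" scenario from the reply above, as an added example that is not part of the original thread. It runs in plain Ruby: `StrongParams` is a hypothetical, minimal stand-in for `ActionController::Parameters`, and the `Student` attributes and the request are constructed. In a real controller the allow-list step is `params.require(:student).permit(:name, :email)`.

```ruby
# Added illustration in plain Ruby (no Rails). StrongParams is a hypothetical,
# minimal stand-in for ActionController::Parameters; the Student attributes
# (name, email, role) and the request below are constructed for the example.
class ForbiddenAttributesError < StandardError; end

class StrongParams
  def initialize(hash, permitted = false)
    @hash = hash.transform_keys(&:to_s)
    @permitted = permitted
  end

  def permitted?; @permitted; end
  def to_h; @hash.dup; end

  # Like params.require(:student): the key must be present.
  def require(key)
    StrongParams.new(@hash.fetch(key.to_s))
  end

  # Like .permit(:name, :email): keep allow-listed keys only, mark as safe.
  def permit(*keys)
    allowed = keys.map(&:to_s)
    StrongParams.new(@hash.select { |k, _| allowed.include?(k) }, true)
  end
end

class Student
  attr_accessor :name, :email, :role

  # Mass assignment; refuses unfiltered params like a Rails 4+ model.
  def initialize(params, enforce: true)
    @role = "student" # server-side default
    raise ForbiddenAttributesError if enforce && !params.permitted?
    params.to_h.each { |attr, value| public_send("#{attr}=", value) }
  end
end

# Constructed request: the client added a "role" field the form never had.
REQUEST = { "student" => { "name" => "Eve", "role" => "admin" } }.freeze

# Controller-style create; an optional block filters the nested params.
def create(enforce: true)
  raw = StrongParams.new(REQUEST).require(:student)
  Student.new(block_given? ? yield(raw) : raw, enforce: enforce)
end

# create                                      -> raises ForbiddenAttributesError
# create(enforce: false).role                 -> "admin" (protection disabled)
# create { |p| p.permit(:name, :email) }.role -> "student"
```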
