Thank you. On Tuesday, August 3, 2021 at 12:46:37 PM UTC-5 Jeremy Evans wrote:
> On Tue, Aug 3, 2021 at 9:39 AM [email protected] <[email protected]> wrote: > >> I have a many-to-many relationship between Books and Tags, with an >> intersection table of books_tags. >> >> I have an HTML form that lists tags as a SELECT (multiple), with a name >> of 'book[tags]'. >> >> I get an error when trying to update the Book model using mass assignment: >> >> class BookController >> >> post ':id/edit' do >> # method tags= doesn't exist >> @book = Book[params[:id]].update(params[:book]) >> end >> >> end >> >> Do I need to remove the :tags key from the parameter hash, then update >> the tags dependency separately? >> > > You probably want to look into the association_pks plugin, and switch the > name of the field to 'book[tag_pks]'. > > Note that update(params[:book]) is probably a bad idea, as then you are > allowing any fields in the model to be set (other than the restricted > fields). If you are dealing with untrusted input, it's almost always > better to use update_fields(params[:book], %w'field1 field2 ...') instead > and provide an explicit list of fields to set (matching the fields that are > on the related form). > > Thanks, > Jeremy > -- You received this message because you are subscribed to the Google Groups "sequel-talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/sequel-talk/91999163-db96-44bc-8117-a851f8410b9dn%40googlegroups.com.
