ForbiddenAttributesError

11155 · December 13, 2015, 2:12pm

hi, i just create normal form and my form is diplays fine but when i am entering values in the field it will shown following error

ActiveModel::ForbiddenAttributesError Extracted source (around line #6):

4.end 5.def create 6.@student = Student.new(params[:student]) 7.if @student.save 8.redirect_to new_student_path 9.end

This is my controller

class StudentsController < ApplicationController def new @student = Student.new end def create @student = Student.new(params[:student]) if @student.save redirect_to new_student_path end end end

Colin_Law · December 13, 2015, 3:07pm

Have you worked right through the tutorial I suggested, including the exercises?

Colin

11155 · December 14, 2015, 4:25am

Colin Law wrote in post #1179879:

Tobias_Feistmantl · December 14, 2015, 8:09am

Hi!

Take a look into strong parameters.

Since Rails 4, you couldn’t just forward a complete params hash to your model. You could but you have to deactivate Strong Parameters before. Anyways, I highly recommend you to follow this practices since your approach opens a really big vulnerability.

For example:

You have an attribute “role” in your model. The user just have to add the attribute “role” to the parameters and is able to modify this protected attribute.

Happy coding

Topic		Replies	Views
Unpermitted Parameters 500 error rubyonrails-talk	1	329	January 16, 2014
Is it possible to toggle via web a boolean attribute which is not a strong parameter? rubyonrails-talk	0	219	August 15, 2016
unknown attribute: commit rubyonrails-talk	3	457	December 19, 2009
Form Data Injection - How to protect against? rubyonrails-talk	5	136	October 4, 2006
[ERROR] Unpermitted Parameters: profile (NestedAttributes) rubyonrails-talk	4	208	September 10, 2014

ForbiddenAttributesError

Related topics

More Resources