ForbiddenAttributesError

hi, i just create normal form and my form is diplays fine but when i am entering values in the field it will shown following error

ActiveModel::ForbiddenAttributesError Extracted source (around line #6):

4.end 5.def create 6.@student = Student.new(params[:student]) 7.if @student.save 8.redirect_to new_student_path 9.end

This is my controller

class StudentsController < ApplicationController    def new     @student = Student.new   end   def create     @student = Student.new(params[:student])     if @student.save       redirect_to new_student_path     end end end

Have you worked right through the tutorial I suggested, including the exercises?

Colin

Colin Law wrote in post #1179879:

Hi!

Take a look into strong parameters.

Since Rails 4, you couldn’t just forward a complete params hash to your model. You could but you have to deactivate Strong Parameters before. Anyways, I highly recommend you to follow this practices since your approach opens a really big vulnerability.

For example:

You have an attribute “role” in your model. The user just have to add the attribute “role” to the parameters and is able to modify this protected attribute.

Happy coding :slight_smile: