ForbiddenAttributesError

hi,
i just create normal form and my form is diplays fine but when i am
entering values in the field it will shown following error

ActiveModel::ForbiddenAttributesError
Extracted source (around line #6):

4.end
5.def create
6.@student = Student.new(params[:student])
7.if @student.save
8.redirect_to new_student_path
9.end

This is my controller

class StudentsController < ApplicationController
   def new
    @student = Student.new
  end
  def create
    @student = Student.new(params[:student])
    if @student.save
      redirect_to new_student_path
    end
end
end

Have you worked right through the tutorial I suggested, including the exercises?

Colin

Colin Law wrote in post #1179879:

Hi!

Take a look into strong parameters.

Since Rails 4, you couldn’t just forward a complete params hash to your model. You could but you have to deactivate Strong Parameters before. Anyways, I highly recommend you to follow this practices since your approach opens a really big vulnerability.

For example:

You have an attribute “role” in your model. The user just have to add the attribute “role” to the parameters and is able to modify this protected attribute.

Happy coding :slight_smile: