Is there a way to differ if params are set through form submit:
<%= form_tag action: 'login', method: :put do %>
<%= text_field('record','username') %>
<%= password_field('record','password') %>
<%= submit_tag %>
or through url
http://some.site/login?record[username]=user&record[password]=pwd
In both cases they appear in controller as params[:record][:user] and
params[:record][:password]
The idea is to prevent the second scenario.
by
TheR
The second one will appear as a GET, not a POST.
Colin
Is there a way to differ if params are set through form submit:
or through url
http://some.site/login?record[username]=user&record[password]=pwd
In both cases they appear in controller as params[:record][:user] and
params[:record][:password]
The idea is to prevent the second scenario.
If I only wanted an action to be accessible via the put method, I'd setup the corresponding route(s) to enforce that for me (ie don't use match, use the verb you actually expect)
Fred
Keep up to date with Rails on Twitter and This Week in Rails
Policies: Conduct, License, Maintenance, Security, Trademarks