I am getting the below error and unsure how to correct it - your help would be much appreciated.
when at a users show page, i do not get the error, but when at for example at any other page...such as the events index.html page the error displays
No route matches {:action=>"update", :controller=>"friendships", :friend_id=>#<User id: 5, email: "ian#gmail.com"
expanded error in terminal
Started GET "/events" for ::1 at 2016-12-17 12:44:43 +0000
Processing by EventsController#index as HTML
User Load (0.1ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? ORDER BY "users"."id" ASC LIMIT 1 [["id", 4]]
User Load (0.1ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 4]]
User Load (0.3ms) SELECT "users".* FROM "users" WHERE "users"."email" IS NULL LIMIT 1
Subscription Load (0.1ms) SELECT "subscriptions".* FROM "subscriptions" WHERE "subscriptions"."title" = ? LIMIT 1 [["title", "premium"]]
User Load (0.1ms) SELECT "users".* FROM "users" INNER JOIN "friendships" ON "users"."id" = "friendships"."friend_id" WHERE "friendships"."user_id" = ? AND "friendships"."status" = ? [["user_id", 4], ["status", "requested"]]
(0.2ms) SELECT COUNT(*) FROM "users" INNER JOIN "friendships" ON "users"."id" = "friendships"."friend_id" WHERE "friendships"."user_id" = ? AND "friendships"."status" = ? [["user_id", 4], ["status", "requested"]]
Rendered shared/_content_dropdownbox_friendrequest.html.erb (4.8ms)
Rendered shared/_header.html.erb (10.7ms)
Rendered events/index.html.erb within layouts/application (11.8ms)
Completed 500 Internal Server Error in 23ms
ActionController::UrlGenerationError - No route matches {:action=>"update", :controller=>"friendships", :friend_id=>#<User id: 5, email: "ian#gmail.com", encrypted_password: "$2a$10$PMO5FPBzjjnFHI/ye8rfP.ONtHP3gagXomj1sbruBXH..."
route file
Rails.application.routes.draw do
resources :friendships, only: [:create, :update, :destroy]
devise_for :users
resources :users
end
views/shared/_content_dropdownbox_friendrequest.html.erb
<ul>
<% current_user.requested_friends.each do |requester| %>
<li>
<%= link_to(image_tag(requester.image_url, :alt => "image", :class =>"#", id: ""), user_path(requester)) %>
<%= link_to truncate("#{requester.firstname} #{requester.lastname}", length: 23), user_path(requester) %>
<%= link_to 'Accept', friendship_path(user_id: current_user, friend_id: requester), controller: "friendships", action: "update", method: :put %>
<%= link_to 'Decline', friendship_path(user_id: current_user, friend_id: requester), controller: "friendships", action: "decline", method: :delete %>
</li>
<div class="clear"></div>
<% end %>
</ul>
frienships_controller
class FriendshipsController < ApplicationController
before_action :authenticate_user!
before_filter :setup_friends
# Sends a friend request.
# We'd rather call this "request", but that's not allowed by Rails.
def create
Friendship.request(#user, #friend)
flash[:notice] = "Request sent."
redirect_to :back
end
# Accepts a friend request.
# We'd rather call this "accept", but that's not allowed by Rails.
def update
#user = User.friendly.find(params[:user_id])
#friend = User.friendly.find(params[:friend_id])
if #user.requested_friends.include?(#friend)
Friendship.accept(#user, #friend)
flash[:notice] = "Connection with #{#friend.firstname} accepted!"
else
flash[:notice] = "No connect request from #{#friend.firstname}."
end
redirect_to :back
end
def destroy
#user = User.friendly.find(params[:user_id])
#friend = User.friendly.find(params[:friend_id])
if #user.requested_friends.include?(#friend) #decline
Friendship.breakup(#user, #friend)
redirect_to :back
elsif #user.pending_friends.include?(#friend) #cancel
Friendship.breakup(#user, #friend)
redirect_to :back
elsif #user.friends.include?(#friend) #delete
Friendship.breakup(#user, #friend)
redirect_to :back
end
end
private
def setup_friends
#user = User.find(current_user.id)
#friend = User.find_by_email(params[:id])
end
end
i am unsure how to solve the error, i tried something like the below but does not work:
<span>
<%= form_for friendship, url: friendship_path(requester), method: :put do |f| %>
<%= f.hidden_field :user_id, value: current_user.id %>
<%= f.hidden_field :friend_id, value: requester.id %>
<%= submit_tag "Accept_test", controller: "friendships", action: "update", class: "btn btn_add_friend" %>
<% end %>
</span>
update controller is waiting for an id parameter, while the only parameters you pass are user_id and friend_id.
You can change your routes to the following
resources :friendships, only: [:create, :destroy] do
collection do
put :update
end
end
Related
I'm ripping my hair out with this one. I am getting an unpermitted params on a form_with with a nested resource. I am using Rails 5.2.1 and Ruby 2.5.
I am not sure where in the world I am going wrong with this. I have tried all sorts of variations of site_params but to no luck. Any help would be appreciated.
Here's my routes.rb:
resources :locations do
post 'sites', to: 'sites#custom_create', as: :site_custom
resources :sites, except: [:edit, :update, :show]
end
And the relevant Controller Functions:
def new
verify_site_name or return
#site = #location.sites.new
authorize #site
#available_site = AvailableSite.find_by(site_name: params[:site_name])
#finder_results = get_finder_results([:site_name], #location)
end
def create
verify_site_name or return
#site = #location.sites.new(site_params)
authorize #site
respond_to do |format|
if #site.save
format.html { redirect_to location_sites_path, notice: 'Location was successfully created.' }
format.json { render :show, status: :created, site: #site }
else
format.html { redirect_to location_sites_path, alert: "#{#site.errors.full_messages.first}" }
format.json { render json: #site.errors, status: :unprocessable_entity }
end
end
end
# Never trust parameters from the scary internet, only allow the white list through.
def site_params
params.permit(:location_id, :place_id, :site_name, :review_url)
end
# Use callbacks to share common setup or constraints between actions.
def set_site
#site = Site.find(params[:id])
end
def set_location
#location = Location.friendly.find(params[:location_id])
end
And of course, the form itself:
<%= form_with(model: [#location, #site], local: true, class: 'site-form') do |form| %>
<%= hidden_field_tag(:site_name, #available_site.site_name) %>
<div class="field md:w-3/4 lg:w-2/3 mx-auto text-left">
<%= form.text_field :review_url, class: 'text-input', placeholder: 'https://www.facebook.com/yourbusinessname/review/?ref=page_internal' %>
<span class="form-required">*required</span>
</div>
<%= form.submit "Manually Submit #{#available_site.site_name.titleize}", class: 'btn btn-green btn-outline' %>
<% end %>
And lastly, the log:
Started POST "/locations/tekamar-mortgages-ltd/sites" for 127.0.0.1 at 2018-12-03 15:30:57 +0000
Processing by SitesController#custom_create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"l/DjkUbVNyw+nrXxo1B/9IGru043Ftroxy8FcuNcZuxmJ7V3j0gC8njm5kpGPT8c7tMWSaAR/ler3cSHY+t8aA==", "site"=>{"site_name"=>"google", "review_url"=>"https://www.yelp.ca/biz/your-busines-sname?utm_campaign=www_business_share_popup&utm_medium=copy_link&utm_source=(direct)"}, "commit"=>"Create Site", "location_id"=>"tekamar-mortgages-ltd"}
Location Load (0.8ms) SELECT "locations".* FROM "locations" WHERE "locations"."slug" = $1 LIMIT $2 [["slug", "tekamar-mortgages-ltd"], ["LIMIT", 1]]
↳ app/controllers/sites_controller.rb:78
User Load (1.9ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2 [["id", 1], ["LIMIT", 1]]
↳ /Users/richsmith/.rvm/gems/ruby-2.5.1/gems/activerecord-5.2.1/lib/active_record/log_subscriber.rb:98
Unpermitted parameters: :utf8, :authenticity_token, :site, :commit
Redirected to http://localhost:3000/locations/tekamar-mortgages-ltd/sites
Completed 302 Found in 13ms (ActiveRecord: 2.6ms)
Try:
def site_params
params.require(:site).permit(:location_id, :place_id, :site_name, :review_url)
end
Params for site are nested in params[:site]. You should first take this hash out of all the params, and then call permit on it. Right now you're sanitizing all the params (that include some stuff you're clearly not interested in, as utf8 or authenticity_token).
The following loop shows each comment associated to the specific item and lets the comment owner(user) to edit or delete a comment. This works just fine.
Now I would the admin to be able to delete a comment. The only problem is that when I click on the delete... all of the comments associated to the specific item get deleted and not just that one.
Any idea how to fix this?
<% #comments.each do |comment| %>
<% if current_user == comment.user %>
<%= link_to "Delete", destroy_item_comment_path(comment.item_id, comment.id),
method: :delete, data: { confirm: I18n.t("comment_delete_alert")}, :class=>"glyphicon glyphicon-trash" %>
<% elsif current_admin %>
<%= link_to "Delete", admin_destroy_item_comment_path(comment.item_id, comment.id),
method: :delete, data: { confirm: I18n.t("comment_delete_alert")}, :class=>"glyphicon glyphicon-trash" %>
<% end %>
<% end %>
controller method:
before_action :find_comment, only: [:destroy]
def destroy
#comment.destroy
redirect_back(fallback_location: root_path)
flash[:notice] = "Comment has been deleted"
end
def find_comment
#comment = #item.comments.find(params[:id])
end
Update 1
server logs when deleting a comment as an admin
Comment Load (0.9ms) SELECT "comments".* FROM "comments" WHERE "comments"."user_id" = $1 [["user_id", 213]]
(0.2ms) BEGIN
SQL (0.4ms) DELETE FROM "comments" WHERE "comments"."id" = $1 [["id", 14]]
SQL (0.4ms) DELETE FROM "comments" WHERE "comments"."id" = $1 [["id", 15]]
SQL (0.3ms) DELETE FROM "comments" WHERE "comments"."id" = $1 [["id", 16]]
(1.2ms) COMMIT
Completed 302 Found in 14123ms (ActiveRecord: 36.3ms)
My hunch is that your routes are not configured properly. You can hit
rails routes
to check admin_delete_comment_path configuration.
Try changing
admin_destroy_item_comment_path(comment.item_id,comment.id)
to:
destroy_item_comment_path(commend.item_id, comment.id)
I'm building a facebook clone, and I'm trying to have a text area on each user's page to allow them to make posts. I've tried a whole bunch of different things with no success, but right now I am getting this error when trying to access the user's show page:
First argument in form cannot contain nil or be empty
with this code:
Rails.application.routes.draw do
resources :friends, only: [:index, :destroy]
resources :posts
resources :friend_requests
devise_for :users
devise_scope :user do
root 'devise/sessions#new'
end
resources :users, only: [:index, :show] do
resources :posts
end
get 'about', to: 'static_pages#about'
# For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
end
_post_form.html.erb
<%= form_for [#user, #post] do |f| %>
<%= f.text_area :content, size: "60x12", placeholder: "What do you want to say?" %>
<%= f.submit "Post" %>
<% end %>
class PostsController < ApplicationController
def index
#posts = Post.all
end
def new
#post = Post.new
#user = User.find(params[:user_id])
end
def create
#post = current_user.posts.build(post_params)
if #post.save
flash[:success] = "Posted!"
redirect_to user_path(current_user)
else
flash[:notice] = "Post could not be submitted"
redirect_to users_path
end
end
private
def post_params
params.require(:post).permit(:content)
end
end
class UsersController < ApplicationController
def index
#users = User.all
end
def show
#user = User.find(params[:id])
end
end
users/show.html.erb
<h4>You are signed in as <%= current_user.email %>! </h4>
<% if #user == current_user %>
<%= render "notifications" %>
<%= render 'shared/post_form' %>
<% end %>
<%= params.inspect %>
<%= current_user.id %>
server log:
Processing by UsersController#show as HTML
Parameters: {"id"=>"4"}
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2 [["id", 4], ["LIMIT", 1]]
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT $2 [["id", 4], ["LIMIT", 1]]
Rendering users/show.html.erb within layouts/application
FriendRequest Load (0.5ms) SELECT "friend_requests".* FROM "friend_requests" WHERE "friend_requests"."friend_id" = $1 ORDER BY "friend_requests"."id" ASC LIMIT $2 [["friend_id", 4], ["LIMIT", 1000]]
Rendered users/_notifications.html.erb (2.0ms)
Rendered shared/_post_form.html.erb (3.0ms)
Rendered users/show.html.erb within layouts/application (10.2ms)
Completed 500 Internal Server Error in 23ms (ActiveRecord: 1.3ms)
ActionView::Template::Error (First argument in form cannot contain nil or be empty):
1: <%= form_for [#user, #post] do |f| %>
2: <%= f.text_area :content, size: "60x12", placeholder: "What do you want to say?" %>
3: <%= f.submit "Post" %>
4: <% end %>
app/views/shared/_post_form.html.erb:1:in `_app_views_shared__post_form_html_erb___99030300856795657_70237723952000'
app/views/users/show.html.erb:5:in `_app_views_users_show_html_erb___3196827877852207953_70237724137160'
Rendering /usr/local/lib/ruby/gems/2.3.0/gems/actionpack- 5.0.0.1/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb within rescues/layout
Rendering /usr/local/lib/ruby/gems/2.3.0/gems/actionpack- 5.0.0.1/lib/action_dispatch/middleware/templates/rescues/_source.html.erb
Rendered /usr/local/lib/ruby/gems/2.3.0/gems/actionpack-5.0.0.1/lib/action_dispatch/middleware/templates/rescues/_source.html.erb (6.7ms)
Rendering /usr/local/lib/ruby/gems/2.3.0/gems/actionpack- 5.0.0.1/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb
Rendered /usr/local/lib/ruby/gems/2.3.0/gems/actionpack-5.0.0.1/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb (5.0ms)
Rendering /usr/local/lib/ruby/gems/2.3.0/gems/actionpack-5.0.0.1/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb
Rendered /usr/local/lib/ruby/gems/2.3.0/gems/actionpack-5.0.0.1/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb (1.1ms)
Rendered /usr/local/lib/ruby/gems/2.3.0/gems/actionpack- `5.0.0.1/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb within rescues/layout (96.4ms)
You say that your form is having a problem rendering on the user's show page. If you have this form w/ nested resource setup like this:
form_for [#user, #post]
It means your form needs access to both the #user and the #post instance variable whereever the form is to be rendered. In this case, it is in the show action in your users controller. So your users controller should have something like this:
def show
#user = User.find(params[:id])
#post = #user.posts.build
end
I'm assuming your _post_form is loaded when you go to your posts#new route which is handled by this posts controller action:
def new
#post = Post.new
#user = User.find_by(id: params[:id])
end
Nested routes (in this case user > post) place the parent resource's id in the param resource_id, in you case it would be params[:user_id]. So, essentially, change this line:
#user = User.find_by(id: params[:id])
...to:
#user = User.find(params[:user_id])
That will access the correct id in the params and will cause an exception if no user was found (by using find instead of find_by), that will alert you to the any problem before you get to the view rendering. In your case the #user was nil and you got the form_for error you posted.
Update
I see from your logs you are going to the users#show action, which is this one:
def show
#user = User.find(params[:id])
end
as you can see, you're not setting the #post variable which you're passing to the form here:
form_for [#user, #post]
Add this to you action:
def show
#user = User.find(params[:id])
#post = Post.new
end
I'm trying to update comments on a post in place, and I can get the edit form partial to render correctly, but trying to save does nothing--there's no console error, no error in the server logs, and the record isn't saved.
edit.js.erb
$('#comment-<%= #post.id %>-<%= #comment.id %>').find('.comment-content').html("<%= j render partial: 'comments/comment_form', locals: { comment: comment, post: post } %>");
comments/_comment_form.html.erb
<div class="comment-form col-sm-11">
<%= form_for([post, comment], :remote => true) do |f| %>
<%= f.text_area :content, class: "comment_content", id: "comment_content_#{post.id}" %>
</div>
<div class="col-sm-1">
<%= f.submit "Save", class: "btn btn-primary btn-xs" %>
<% end %>
</div>
update.js.erb
$('comment-form').hide();
$('#comment-<%= #post.id %>-<%= #comment.id %>').find('.comment-content').html('<%= #comment.content %>');
routes.rb
resources :users do
end
resources :posts do
resources :comments
end
class Post < ActiveRecord::Base
belongs_to :user
has_many :comments, dependent: :destroy
end
class User < ActiveRecord::Base
has_many :posts, dependent: :destroy
has_many :comments, dependent: :destroy
end
class Comment < ActiveRecord::Base
belongs_to :user
belongs_to :post
end
Below is the last thing in the server log when the edit_post_comment_path link is clicked; literally nothing happens when save is clicked in the edit form partial, and a test alert in update.js.erb doesn't fire.
Started GET "/posts/471/comments/30/edit" for 72.231.138.82 at 2016-07-17 01:25:27 +0000
Processing by CommentsController#edit as JS
Parameters: {"post_id"=>"471", "id"=>"30"}
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? ORDER BY "users"."id" ASC LIMIT 1 [["id", 2]]
RailsSettings::SettingObject Load (0.2ms) SELECT "settings".* FROM "settings" WHERE "settings"."target_id" = ? AND "settings"."target_type" = ? [["target_id", 2], ["target_type", "User"]]
Post Load (0.1ms) SELECT "posts".* FROM "posts" WHERE "posts"."id" = ? ORDER BY "posts"."created_at" DESC LIMIT 1 [["id", 471]]
Comment Load (0.2ms) SELECT "comments".* FROM "comments" WHERE "comments"."user_id" = ? AND "comments"."id" = ? LIMIT 1 [["user_id", 2], ["id", 30]]
Comment Load (0.1ms) SELECT "comments".* FROM "comments" WHERE "comments"."id" = ? LIMIT 1 [["id", 30]]
User Load (0.5ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 2]]
Rendered comments/_comment_form.html.erb (1.2ms)
Rendered comments/edit.js.erb (13.8ms)
Completed 200 OK in 102ms (Views: 34.4ms | ActiveRecord: 1.7ms)
I have similar create, destroy and custom actions (including an update_attributes method) that are firing correctly, so I'm not sure why this form can't submit. Any help is appreciated, I'm very new to js.
Update with the comment controller actions:
class CommentsController < ApplicationController
before_action :set_post
before_action :user_signed_in?, only: [:create, :destroy]
before_action :authenticate_user!, only: [:create, :edit, :new, :destroy, :update]
before_action :correct_user, only: [:edit, :update, :destroy]
...
def edit
#comment = Comment.find(params[:id])
respond_to do |format|
format.js { render 'comments/edit', locals: {comment: #comment, post: #post } }
end
end
def update
#comment = Comment.find(params[:id])
respond_to do |format|
format.js
end
if #comment.update_attributes(comment_params)
#comment.toggle!(:edited)
flash[:success] = "Comment edited!"
redirect_to root_path
else
render 'edit'
end
end
private
def comment_params
params.require(:comment).permit(:content, :user_id, :post_id)
end
def set_post
#post = Post.find(params[:post_id])
end
def correct_user
#comment = current_user.comments.find_by(id: params[:id])
redirect_to root_url if #comment.nil?
redirect_to root_url if #comment.userlocked?
end
end
I've updated the edit form with :method => :put, to no effect, and thanks for the typo catch #Emu.
As you're submitting an edit form, you should define the method in the form like:
<%= form_for([post,comment ], :remote=>true, :method => :put) do |f| %>
Also, in the update.js.erb the following line missing the "." or "#"
$('.comment-form').hide();
I am using ruby on rails try to update user information, but when I submit, the console will show an error saying the user exists and redirect to the correct page. What's wrong with my code?
The error message:
Started PATCH "/users/6" for ::1 at 2015-06-08 21:27:00 -0500
Processing by UsersController#update as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"sJm38g36DAYDo4eXdpcIPRX0e40Jp6cECmMwEvhCAEhTlDwwmmgOfXZqeczglNmJ4K9pQXiyXAsRsgP/C8lScg==", "name"=>"test123", "department"=>"123", "commit"=>"Update User", "id"=>"6"}
User Load (0.1ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 6]] CACHE (0.0ms)
SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", "6"]] (0.1ms)
begin transaction
User Exists (0.2ms)
SELECT 1 AS one FROM "users" WHERE ("users"."email" = 'test#test.com' AND "users"."id" != 6) LIMIT 1 (0.1ms)
rollback transaction
Redirected to http://localhost:3000/users/6
Completed 302 Found in 9ms (ActiveRecord: 0.5ms)
Started GET "/users/6" for ::1 at 2015-06-08 21:27:00 -0500
Processing by UsersController#show as HTML
Parameters: {"id"=>"6"} User Load (0.1ms)
SELECT "users".* FROM "users" WHERE "users"."id"
= ? LIMIT 1 [["id", 6]]
Rendered users/show.html.erb within layouts/application (0.1ms)
User Load (0.2ms)
SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 6]] CACHE (0.0ms)
SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 6]]
Completed 200 OK in 66ms (Views: 64.3ms | ActiveRecord: 0.3ms)
The edit page
<h1 class="center">Edit name</h1>
<div class="row">
<div class="col-md-6 col-md-offset-3">
<%= form_tag "/users/#{#user.id}", :method => 'patch' do %>
<p>
<%= label_tag :name %>
<%= text_field_tag :name, #user.name %>
</p>
<p>
<%= label_tag :department %>
<%= text_field_tag :department, #user.dept %>
</p>
<input type="submit" name="commit" value="Update User">
<% end %>
</div>
</div>
The controller is like this
class UsersController < ApplicationController
before_action :authorize, only: [:show, :edit, :update]
def authorize
#user = User.find_by(id: params[:id])
if #user.blank? || session[:user_id] != #user.id
redirect_to root_url, notice: "Nice try!"
end
end
def new
#user = User.new
end
def show
end
def edit
end
def update
#user = User.find_by(id: params[:id])
#user.name = params[:name]
#user.dept = params[:department]
#user.save
redirect_to user_path(#user.id)
end
def create
#user = User.new(email: params[:email],
name: params[:name],
password: params[:password],
role: params[:role],
dept: params[:dept])
if #user.save
redirect_to root_url, notice: "Thanks for signing up."
else
render "new"
end
end
end
The router concerning this part is like:
# sign up
get '/signup' => 'users#new'
post '/users' => 'users#create'
get '/users/:id' => 'users#show', as: :user
get '/users/:id/edit' => 'users#edit', as: 'edit_user'
patch '/users/:id' => 'users#update'
The problem is in the form_tag,it should be like this
<%= form_tag({:action => :update}, {:method => :patch}) do %>
Also your code for form_tag looks vulnerable. Changing it to like this will be better.
<%= form_tag update_user_path(#user) do %>
or
<%= form_tag user_path(#user), :method => :patch do %>
Are you using rails 4?
You should update your controller to conform to strong_parameters if you are.
def update
#user = User.find(params[:id)
if #user.update_attributes(user_params)
redirect_to user_path(#user.id)
else
render :edit
end
end
private
def user_params
params.require(:user).permit(:name, :dept)
end
Doing this will mean that you have to wrap your name and dept params inside a user scope, eg.
user: { name: "Howard Moon", dept: "Zookeeper" }
But is the standard way to handle params in the controller.
Hope this helps!
EDIT: Link to Strong Parameters which does a better job at explaining this than I can. Haha