Develop Reference

The action path of a form in Rails

The explanation below is big, but the question is really simple.
I'm doing a simple form project in https://www.theodinproject.com/paths/full-stack-ruby-on-rails/courses/ruby-on-rails/lessons/forms.
The first part where I am, I need to build a form manually - so that I can see how Rails does a lot for me when I use its helper methods.
I'm stuck in this point:
Specify the method and the action attributes in your tag (use $ rails routes to see which HTTP method and path are being expected based on the resource you created).
The routes.rb file looks like this:
resources :users, only: [:create, :new]
I don't know how to determine which method should I use for the form - post or get.
I don't know how to determine which action path I should use.
I've gone into the internet, Rails guides and etc, and have solved the other topics so far, but for this one I can't get through it.
My form so far:
<form action='/create' method="post" accept-charset="UTF-8">
<label for="username"></label>
<input type="text" id="username" name="username"><br>
<label for="email"></label>
<input type="text" id="email" name="email"><br>
<label for="password"></label>
<input type="text" id="password" name="password"><br>
<input type="submit" id="submit" value="Submit" >
</form>
Once I run it in the server and then submit the form - which I did - I should get:
"Submit your form and view the server output. Oops, we don’t have the right CSRF authenticity token (ActionController::InvalidAuthenticityToken) to protect against cross site scripting attacks and form hijacking. If you do not get an error, you used the wrong method from step 1."

Yes, Rails is smart) When u are sending the request to your server, Rails must know from where this request is coming. In short, if your form sending the CSRF token then Rails understand that u send this request, otherwise someone else on your behalf (CSRF attack).
To fix this bug u need to set <%= form_authenticity_token %> in your .erb view. It will generate this input that is below
<input type="hidden" name="authenticity_token" value="your_token_generate_by_rails">
Or for your testing purposes, u can use this in your controller which is processing your request. But never use it in future if you are don't know what are u doing)
skip_before_action :verify_authenticity_token

Hi there fellow Odin student!
It looks like you're doing this lesson. Me too!
It sounds like you're asking about what value to use with action attribute in the form.
When I created a form using the Rails formHelper methods, I inspected the HTML that Rails created when I was previewing the app/website (rails s). By opening up the Developer tools (F12 key, or right click the mouse and choose inspect)I was able to see that the form Rails created had an action equal to the name of the resource, with a forward slash in front of it.
So for your example, the resource created is "users". So the action attribute would be /users
to be complete, the solution would be something like: <form action="/users"...
Hope this helps!

Clarifying POST-ing to a site

Say I were to post to a site using www.mysite.com?user=myuser does that simulate the submit button that is associated with that form? If so, what happens if there are a number of submit buttons in the form?
Also, if that button's html is like so <input name="button" class="button" type="button" value="Save" onclick="javascript: submit()" disabled> with the "disabled" attribute, does that mean I can't POST www.mysite.com?user=myuser/won't work?
<form name="Form" method="post" action="/thisAction.do">
<input type="text" name="inquiryNo" maxlength="11" value="" onkeyup="javascript: checkNo()">
<input name="buttonInquire" class="button" value="Inquire" onclick="javascript: submitInquire()" type="button">
<!--Then comes a number of other inputs-->
<input.../>
<input.../>
<input.../>
<input name="modify" class="button" type="button" value="Save"
onclick="javascript: submitModify()" disabled>
</form>
This is some sample code as it's work stuff which I am not allowed to share. So when I use the inquire action a new account successfully loads up and the details are presented on the page. The modify action is meant to 'modify' those details but it just returns the same details displayed on the page. I get no sort of feedback from anything.

You can POST to a URL with a query string (the stuff after the ?), and since you say you're using urllib2 with a data argument, that's what happens. The server can then read both the POST data and the query string and do whatever it wants, though most of the time they're merged together or the query string is ignored entirely.
disabled only stops you from clicking the button in the browser (and even then, you can just un-disable it with a tool like Firebug). You can POST whatever you want to any URL you want; HTML can't stop you, though the server can still give you an error if it wants.
I think your problem is that "inquire" is the default action, and something's wrong with your POST. So no matter what you send, the server isn't recognizing it and is falling back to "inquire".
It looks like the form is intended to send modify=Save. Can you post the Python code you're actually running?

No, what you actually typed in is a GET method.
There are 2 ways of submitting data: POST AND GET.
Post is by submitting data by using a form in a webpage that posts to another on the background, while GET is setting the data in the url itself like user=myuser.
Most of the times using a GET method (url query string) will not work if the web programmer actually is checking for a POST method. The same happens if the programmer is waiting for a GET request and you actually POST it.
However there is a php var called REQUEST which will work with GET and POST.
I'm no professional in PHP but because you had no answers at the moment I tried my best to explain it. Hopefully some expert will come along and explain it properly.
You edited your question while I was replying so you need someone to answer you on your second question.

Refactoring HTML Markup from POST to GET

I have the following mark up in an ASP.NET MVC view (this is a Twitter Bootstrap search box):
<form action="#Url.Action("Results", "Search")" method="post">
<input type="text" class="search-query" id="SearchTerm" name="SearchTerm" />
</form>
This code works as expected, but using a post here is causing problems.
How can I change this markup to pass the search query as a URL argument instead? I'm not really sure how to even approach this short of keeping the existing markup and then redirecting from the controller. I'm thinking there must be a more efficient way than that.

You should be able to change method="post" to method="get" and get the desired result. The form, with a get method setting, pushes the fields in the form to the querystring by its default behavior.
As a workaround, if the default behavior doesn't suit you, you could catch the submit event of the form, and do:
window.location = form.action + "?SearchTerm=" + document.getElementById("SearchTerm").value
Something like that, where form is a reference to the form element. You can build the link and redirect using javascript, which is a get request.

How can I emulate PUT/DELETE for Rails and GWT?

I would like to make my application somewhat REST compliant. I am using Rails on the backend and GWT on the frontend. I would like to do updates and deletes. I realize I can do something like mydomain.com/:id/delete (GET) and accomplish the same thing. However, as I stated previously, I would like to have a REST compliant backend. Thus, I want to do mydomain.com/:id (DELETE) and have it implicitly call my delete method.
Now, it's my understanding that if a browser (my browser is GWT RequestBuilder) doesn't support DELETE/GET, Rails somehow accomplishes this task with a POST and some other url parameter. So, how can I accomplish this with a GWT RequestBuilder?

Rails does this with hidden attributes. The easiest way to figure this out would be to create a new rails application, generate a scaffold and have a look at the HTML in a browser.
Try this:
rails jp
cd jp
./script/generate scaffold RequestBuilder name:string
rake db:migrate
./script/server
Then navigate to http://localhost:3000/request_builders, click on New and have a look at the HTML. You'll see something like:
<form action="/request_builders" class="new_request_builder"
id="new_request_builder" method="post">
<div style="margin:0;padding:0">
<input name="authenticity_token" type="hidden" value="e76..." />
</div>
This is a creation, method is POST. Enter a name, save then Edit:
<form action="/request_builders/1" class="edit_request_builder"
id="edit_request_builder_1" method="post">
<div style="margin:0;padding:0">
<input name="_method" type="hidden" value="put" />
<input name="authenticity_token" type="hidden" value="e76..." />
</div>
Of course the form is sent with POST, but Rails hads a hidden field to simulate a PUT request. Same for deletion, but the scaffold will do it with a bit of Javascript:
var m = document.createElement('input');
m.setAttribute('type', 'hidden');
m.setAttribute('name', '_method');
m.setAttribute('value', 'delete');
To have this work with another front-end, you'll have to both:
Use the same style URL such as /request_builders/1 (RESTful URLs)
Include the hidden fields (Rails trick)

Like #skrat said, the _method=PUT workaround doesn't work for any kind of body where Content-Type is not x-www-form-urlencoded, e.g. XML or JSON. Luckily, there is a header workaround as well:
https://zcox.wordpress.com/2009/06/17/override-the-http-request-method-in-jersey/
So to update a REST resource, just do a POST to its address and add the header X-HTTP-Method-Override: PUT. Rails will interpret this as a PUT to the address.

asp.net mvc post to different views in same form

I have form area in my view. If I click button A, I want to submit to /Books/1 and if I click button B, I want to submit to /Books/2
How do I achieve this with MVC?

<form id="form1" name="form1" action="/Books/" method="get">
<input type="text" name="search" value="">
<input type="submit" name="id" value="1">
<input type="submit" name="id" value="2">
</form>

It sounds like what you want to do is call the Books Controller, with, say, the Search action. So for instance you might want to call /Books/Search/<search expression>/1, or /Books/Search/<search expression>/2, etc. (There's a few different ways you could be formatting these URLs, but it's mostly a matter of personal preference I think) If you want the URLs to appear as you've got them above (without the action in the URL), that can be accomplished with routing, something like this:
routes.MapRoute(
"Books",
"Books/{searchExpr}/{pageId}",
new { controller = "Books", action = "Search", searchExpr = "", pageId = 1 }
);
I think the main problem is that you're trying to use the WebForms PostBack everything paradigm in a situation where you're probably better off sending the information to the server in the URL or query string. The only time you're actually going to be posting form data here is when the user actually types something into the search box and clicks the Search button - at that point, the controller will pass the search expression to the appropriate View by stuffing it in ViewData, and from there, the View can pull it out and repopulate that textbox on the results page.

MVC Views can have multiple forms on a 'page', so just create separate sections and give each one their own form action.
<form id="form1" name="form1" action="/Books/1" method="get">
<!--...form fields-->
</form>
<form id="form2" name="form2" action="/Books/2" method="get">
<!--...form fields-->
</form>

I have never seen the ability to have a form field attached to two forms, seems like it wouldn't work. What you can do is put a hidden field in the second form which, on submission, grabs the information from the textbox in the first form.