Rails, send params to controller action through link_to -


is safe/acceptable send params way create action in controller? there potential problems?

<%= link_to "acceptance", acceptances_path(acceptance: {favor_id: @favor.id, user_id: current_user.id}), method: :post %> 

and in controller

class acceptancescontroller < applicationcontroller    def create     @acceptance = acceptance.new(acceptance_params)      if @acceptance.save       redirect_to favors_path     else       render :template => 'favors/index'     end   end    private    def acceptance_params     params.require(:acceptance).permit(:favor_id, :user_id)   end end 

thanks time in advance!

the best (and safest) assigning these id's in controller.

since have access @favor , current_user objects, you'd better of doing this:

def create   @acceptance = acceptance.new(acceptance_params)   @acceptance.favor_id = @favor.id   @acceptance.user_id = current_user.id   # code omitted end 

Comments