ForbiddenAttributesError

hi,
i just create normal form and my form is diplays fine but when i am
entering values in the field it will shown following error

ActiveModel::ForbiddenAttributesError
Extracted source (around line #6):

4.end
5.def create
6.@student = Student.new(params[:student])
7.if @student.save
8.redirect_to new_student_path
9.end

This is my controller

class StudentsController < ApplicationController
def new
@student = Student.new
end
def create
@student = Student.new(params[:student])
if @student.save
redirect_to new_student_path
end
end
end

On 13 December 2015 at 14:12, Naresh J. [email protected] wrote:

hi,
i just create normal form and my form is diplays fine but when i am
entering values in the field it will shown following error

ActiveModel::ForbiddenAttributesError
Extracted source (around line #6):

Have you worked right through the tutorial I suggested, including the
exercises?

Colin

Colin L. wrote in post #1179879:

On 13 December 2015 at 14:12, Naresh J. [email protected] wrote:

hi,
i just create normal form and my form is diplays fine but when i am
entering values in the field it will shown following error

ActiveModel::ForbiddenAttributesError
Extracted source (around line #6):

Have you worked right through the tutorial I suggested, including the
exercises?

Colin

yes sir with that basic only i am design this form evrey thing is fine
but at last i got this error…

Hi!

Take a look into strong parameters
http://api.rubyonrails.org/classes/ActionController/Parameters.html.

Since Rails 4, you couldn’t just forward a complete params hash to your
model. You could but you have to deactivate Strong Parameters before.
Anyways, I highly recommend you to follow this practices since your
approach opens a really big vulnerability.

For example:

You have an attribute “role” in your model. The user just have to add
the
attribute “role” to the parameters and is able to modify this protected
attribute.

Happy coding