Strong Params

Erin Cola
Feb 15, 2021

One of the new concepts I learned was the use of strong params. Strong params are necessary because they allow you to tell your code which parameters should be allowed. That way, request parameters cannot be assigned to objects UNLESS you have explicitly permitted them. Basically, it is for security. It is similar to a bouncer checking IDs at a nightclub. You must meet the requirements (i.e., age minimum) to be permitted into said club.

The same goes for strong params. The strong params act as your ID. Adding strong params to your actions gives you a bouncer. Your app is the club! You do not want just anyone to be able to input random information and change your app around.

The code will look something like:

def update
  # Look up the record named in the URL
  @post = Post.find(params[:id])
  # Only :title from the nested :post hash is allowed through
  @post.update(params.require(:post).permit(:title))
  redirect_to post_path(@post)
end

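The main difference between permit and require is that require is much more restrictive than permit. With require, the params passed in MUST contain the key, in this case called “post”; if it is missing, the request is rejected with an error. With permit, the params hash only POSSIBLY has the listed key, in this case “title”: it is allowed through if it is present, and any key that is not listed is left out.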
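To see both methods at work without a Rails app, here is an added example (not code from the original post): a plain-Ruby stand-in for the params object. The Params class, the Post struct with its author_id field, and the request hash are all assumptions made for illustration; the real methods live on ActionController::Parameters.

```ruby
# Simplified stand-in for ActionController::Parameters (assumption, not Rails code).
class ParameterMissing < StandardError; end

class Params
  def initialize(hash)
    @hash = hash
  end

  # require: the key MUST be present and non-empty, otherwise raise.
  def require(key)
    value = @hash[key]
    raise ParameterMissing, "missing param: #{key}" if value.nil? || value.empty?
    Params.new(value)
  end

  # permit: keep only the listed keys; each is optional, anything else is dropped.
  def permit(*keys)
    @hash.select { |k, _| keys.include?(k) }
  end

  def to_h; @hash; end
end

# Constructed model: author_id is a field the edit form never exposes.
Post = Struct.new(:title, :author_id) do
  def update(attrs)
    attrs.each { |name, value| self[name] = value }
    self
  end
end

# Constructed request: the client added author_id next to the title.
REQUEST = { post: { title: "Hello", author_id: 99 } }.freeze

def update_without_strong_params(request)
  Post.new("old", 1).update(Params.new(request).require(:post).to_h)
end

def update_with_strong_params(request)
  Post.new("old", 1).update(Params.new(request).require(:post).permit(:title))
end

def missing_key_rejected?(request)
  Params.new(request).require(:post)
  false
rescue ParameterMissing
  true
end
```

Without permit, the extra author_id reaches the model and reassigns the post; with permit(:title), only the title changes.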
