If they do that, then your application will explode. Actually I just says can't find the article with id = ### and the user will have to move on.
What is the problem with the user changing the article id? If they change it to another article they are allowed to post on oh well, if they change it to an article they shouldn't be allowed to post on you need to catch it. You can also use nested resources to achieve a url like /articles/1/ comments/new but again your still going to expose the article ID. On May 13, 10:34 am, "Tomas R." <li...@ruby-forum.com> wrote: > what if someone set article_id = 1000000 > and article with id 1000000 doesnt exists > > -- > Posted viahttp://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk@googlegroups.com. To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
