On Tue, Aug 3, 2021 at 9:39 AM [email protected] <[email protected]> wrote:
> I have a many-to-many relationship between Books and Tags, with an > intersection table of books_tags. > > I have an HTML form that lists tags as a SELECT (multiple), with a name of > 'book[tags]'. > > I get an error when trying to update the Book model using mass assignment: > > class BookController > > post ':id/edit' do > # method tags= doesn't exist > @book = Book[params[:id]].update(params[:book]) > end > > end > > Do I need to remove the :tags key from the parameter hash, then update the > tags dependency separately? > You probably want to look into the association_pks plugin, and switch the name of the field to 'book[tag_pks]'. Note that update(params[:book]) is probably a bad idea, as then you are allowing any fields in the model to be set (other than the restricted fields). If you are dealing with untrusted input, it's almost always better to use update_fields(params[:book], %w'field1 field2 ...') instead and provide an explicit list of fields to set (matching the fields that are on the related form). Thanks, Jeremy -- You received this message because you are subscribed to the Google Groups "sequel-talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/sequel-talk/CADGZSSfwespic%2BkcAZscQ41kk6FWfbqHA7u24ZXvnFk6S2QmMA%40mail.gmail.com.
