Button_to with image?

I’m trying to use button_to and have it use an image in place of the
submit button. I had figured it would work the same as link_to like so:

button_to(image_tag(“editicon”, :size => “16x16”, :border => 0), :action
=> ‘edit’, :id => person.id)

but this instead displays the image code as the button name. Surely
there is a simple way to do this?

Ryan W. wrote:

I’m trying to use button_to and have it use an image in place of the
submit button. I had figured it would work the same as link_to like so:

button_to(image_tag(“editicon”, :size => “16x16”, :border => 0), :action
=> ‘edit’, :id => person.id)

but this instead displays the image code as the button name. Surely
there is a simple way to do this?

I presume that you’re talking about submiting a form, so you should use
image_submit_tag instead of button_to…

I presume that you’re talking about submiting a form, so you should use
image_submit_tag instead of button_to…

button_to itself creates a form. I’m trying to simply have an icon that
the user clicks on to delete an entry. And I would like the protection
of using POST instead of GET, which is why I don’t want to just use
link_to. Is the only way to do this to manually create the form each
time and use image_submit_tag?

Sorry, I didn’t had such needs so I don’t say how to do (is there
something RoR can’t do ?)

But in my point of view, you should certainly not rely on the request
method to protect from anything (as it doesn’t NOT protect you).

But in my point of view, you should certainly not rely on the request
method to protect from anything (as it doesn’t NOT protect you).

Well, “protect” is a relative term. Suggested reading:

http://blog.moertel.com/articles/2005/05/08/taking-the-unsafe-gets-out-of-rails

Often, using POST instead of GET is far safer… at least from the
standpoint of triggering destructive actions accidentally.

Ryan W. wrote:

But in my point of view, you should certainly not rely on the request
method to protect from anything (as it doesn’t NOT protect you).

Well, “protect” is a relative term. Suggested reading:

http://blog.moertel.com/articles/2005/05/08/taking-the-unsafe-gets-out-of-rails

Often, using POST instead of GET is far safer… at least from the
standpoint of triggering destructive actions accidentally.

A GET request which is a safe request should never alter the state of
the application in regard to the potential risk of web crawling.

More to : HTTP - Wikipedia