Update_attributes workaround needed?


#1

Hi everyone,
I’m doing white list validations on the controller side so that
malformed data would not get to the database. However, this seems to be
tricky when updating an entity since I can’t find a way to seperate the
attribute updating from the saving itself.
What i’m looking for is a way to either run white_list on the parameters
in the params array (I don’t know if accessing a specific param is even
possible)
or running it on the entity itself before it is saved.

currently the code is as follows:

@post = Post.find(params[:id])
if @post.update_attributes(params[:post])

end

I cant seem to access the input received from the form independently
(like params[:body] if I had a body text field in the form), and since
update_attributes updates the attributes and also saves the data I’m
stuck…

Any ideas?

Thanks,
Ehud


#2

To access the “body” field, you would do the following:

params[:post][:body]


#3

On 4/19/07, Dylan M. removed_email_address@domain.invalid wrote:

To access the “body” field, you would do the following:

params[:post][:body]

You can also do @post.attributes = params[:post]. It updates the
attributes without saving them to the database.


Rick O.
http://lighthouseapp.com
http://weblog.techno-weenie.net
http://mephistoblog.com


#4

Piotr W. wrote:

Ehud R. wrote:

Any ideas?

In Rails, input validation should be done in model, not in controller.

Then you will be given false or exception when trying to save invalid
object. You will also be able to use model’s valid? method.

hmm… that sounds reasonable. How can I hook to the save method and run
white list on the relevant columns before they are inserted to the
database?


#5

Ehud R. wrote:

Any ideas?

In Rails, input validation should be done in model, not in controller.

Then you will be given false or exception when trying to save invalid
object. You will also be able to use model’s valid? method.


#6

Ehud R. wrote:

In Rails, input validation should be done in model, not in controller.

Then you will be given false or exception when trying to save invalid
object. You will also be able to use model’s valid? method.

hmm… that sounds reasonable. How can I hook to the save method and run
white list on the relevant columns before they are inserted to the
database?

Use Rails Validations.


#7

Ehud R. wrote:

Use Rails Validations.

I’m not sure validations are what I’m looking for…
I want to mannipulate the data saved, not run a test on it whether it
caontains forbidden strings. It would probably work as the validate
method run for each save, but would not be very pretty imo.

Is there another way to hook into the save mechanism of a model?

found it myself - before_validation is what im looking for


#8

Use Rails Validations.

I’m not sure validations are what I’m looking for…
I want to mannipulate the data saved, not run a test on it whether it
caontains forbidden strings. It would probably work as the validate
method run for each save, but would not be very pretty imo.

Is there another way to hook into the save mechanism of a model?