So I’m looking for a nice simple way of doing this.
When I have form field names in the format of record[attr1]
record[attr2] etc so
that I can just call .update_attributes(params[:record]) I run into the
problem
of a malicious user being able to submit an extra form value with the
name of a
foreign_key column.
Is there a simple way I can clean a hash of all association ids? I’d be
fine
with writing my own method I’m just not sure of a way to get a list of
association id’s for any given AR object.
So I’m looking for a nice simple way of doing this.
When I have form field names in the format of record[attr1] record[attr2] etc so
that I can just call .update_attributes(params[:record]) I run into the problem
of a malicious user being able to submit an extra form value with the name of a
foreign_key column.
Is there a simple way I can clean a hash of all association ids? I’d be fine
with writing my own method I’m just not sure of a way to get a list of
association id’s for any given AR object.