Strong parameters help keep your app safe by only allowing certain data to be saved. This stops bad or unexpected data from sneaking in.
params.require(:model_name).permit(:attribute1, :attribute2, ...)
require to specify the main key you expect in the parameters.permit to list only the allowed attributes inside that key.name and email from the user parameters.params.require(:user).permit(:name, :email)
title, body, and published attributes for a post.params.require(:post).permit(:title, :body, :published)
shipping with address and city inside order.params.require(:order).permit(:product_id, :quantity, shipping: [:address, :city])
This controller action uses strong parameters to only allow name and email when creating a new user. It prevents any other data from being saved.
class UsersController < ApplicationController def create user_params = params.require(:user).permit(:name, :email) @user = User.new(user_params) if @user.save render plain: "User created: #{@user.name}, #{@user.email}" else render plain: "Failed to create user" end end end
Always use strong parameters in Rails controllers when handling user input.
Without strong parameters, Rails will raise an error to protect your app.
You can permit nested attributes by passing a hash to permit.
Strong parameters keep your app safe by filtering input data.
Use require and permit to specify allowed data.
This helps prevent security problems like mass assignment.