Ruby on Rails framework, ~30 mins

Strong parameters in Ruby on Rails - Mini Project: Build & Apply

Strong Parameters in Rails
📖 Scenario: You are building a simple Rails app to manage books in a library. Users can add new books by submitting a form. To keep the app safe, you need to use strong parameters to allow only specific fields from the form to be saved.
🎯 Goal: Learn how to use strong parameters in a Rails controller to permit only the title and author fields when creating a new book.
📋 What You'll Learn
Create a BooksController with a book_params method
Use strong parameters to permit only title and author
Use the permitted parameters in the create action
Ensure the controller code follows Rails conventions
💡 Why This Matters
🌍 Real World
Strong parameters are essential in Rails apps: they allow-list which submitted fields reach the model, which prevents security issues like mass assignment.
💼 Career
Understanding strong parameters is a key skill for Rails developers to write secure and maintainable web applications.
1. Create the BooksController with a create action
Create a Rails controller class called BooksController that inherits from ApplicationController. Inside it, define a create method that initializes a new Book with params[:book].
Hint:

Remember to define a class and a method inside it. Use Book.new(params[:book]) to create the book.

2. Add the book_params method for strong parameters
Inside BooksController, add a private method called book_params that returns params.require(:book).permit(:title, :author).
Hint:

Define a private method named book_params. Use params.require(:book).permit(:title, :author) inside it.

3. Use book_params in the create action
Modify the create method to initialize @book with Book.new(book_params) instead of params[:book].
Hint:

Replace params[:book] with book_params inside the create method.

4. Make book_params a private method
Ensure the book_params method is placed below the private keyword in BooksController.
Hint:

Place the book_params method below the private keyword to restrict its visibility.
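
What the four steps achieve, as an added example that is not part of the original project: plain Ruby that runs without Rails and shows an extra submitted field being dropped by the allow-list. The Params class is a simplified stand-in for ActionController::Parameters (flat hashes only), and the approved attribute, the ParameterMissing class, the helper names and the request body are assumptions constructed for illustration.

```ruby
# Simplified stand-in for ActionController::Parameters so this runs without
# Rails. Assumption: flat hashes with scalar values only.
class ParameterMissing < StandardError; end

class Params
  def initialize(hash)
    @hash = hash.transform_keys(&:to_s)
  end

  # Like params.require(:book): fail loudly when the key is absent or empty.
  def require(key)
    value = @hash[key.to_s]
    raise ParameterMissing, "param is missing: #{key}" unless value.is_a?(Hash) && !value.empty?
    Params.new(value)
  end

  # Like .permit(:title, :author): keep allow-listed keys, drop everything else.
  def permit(*keys)
    @hash.slice(*keys.map(&:to_s))
  end

  def to_h
    @hash
  end
end

# Hypothetical model with a sensitive attribute the form never exposes.
Book = Struct.new(:title, :author, :approved, keyword_init: true)

# Mirrors the tutorial's private book_params method.
def book_params(params)
  params.require(:book).permit(:title, :author)
end

def build_book(attrs)
  Book.new(**attrs.transform_keys(&:to_sym))
end

# Constructed request body: the client adds a field the form does not contain.
REQUEST = { book: { title: "Dune", author: "Frank Herbert", approved: true } }.freeze

# Step 1 style: every submitted field is assigned to the model.
def unfiltered_book
  build_book(Params.new(REQUEST).require(:book).to_h)
end

# Step 3 style: only title and author reach the model.
def filtered_book
  build_book(book_params(Params.new(REQUEST)))
end
```

In Rails itself, passing the unpermitted params[:book] straight to Book.new raises ActiveModel::ForbiddenAttributesError, so the step 1 code only starts working once book_params is used.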