Rails Params Explained

Rails params explained?

The params come from the user's browser when they request the page. For an HTTP GET request, which is the most common, the params are encoded in the URL. For example, if a user's browser requested

http://www.example.com/?foo=1&boo=octopus

then params[:foo] would be "1" and params[:boo] would be "octopus".

In HTTP/HTML, the params are really just a series of key-value pairs where the key and the value are strings, but Ruby on Rails has a special syntax for making the params be a hash with hashes inside. For example, if the user's browser requested

http://www.example.com/?vote[item_id]=1&vote[user_id]=2

then params[:vote] would be a hash, params[:vote][:item_id] would be "1" and params[:vote][:user_id] would be "2".

The Ruby on Rails params are the equivalent of the $_REQUEST array in PHP.

Rails params explain

Well, params are a series of key-value pairs comes from a browser with a page request. For an HTTP GET request, the params are encoded in the URL.

For a request like this:

http://www.example.com/?foo=1&bar=cat

then params[:foo] would be "1" and params[:bar] would be "cat".

In HTTP/HTML, the params are really just a series of key-value pairs where the key and the value are strings, but Rails has a special syntax for making the params be a Hash with hashes inside.

For a request like this:

http://www.example.com/folders/55/?folder[name]=bubble&folder[size]=1324

then,

params[:folder] would be a Hash,

params[:folder][:name] would be "bubble" and

params[:folder][:size] would be "1324". Also,

params[:id] would be "55".

---

Rails 4 now uses strong parameters.

Protecting attributes are now done in the controller. Like this example:

class ArticleController < ApplicationController
  def create
    Article.create(article_params)
  end

private

  def article_params
    params.require(:article).permit(:name, :category)
  end
end

Ruby on Rails - Is params a method or a hash?

1. The description is a little bit truncated. To be precise, it should be read as:

   The return value of the params method is [an] object ...

   A method is not an object, but when you execute a method, it always returns an object. In this case, params is a method, not an object, but has a return value, which is an object.

2. In older versions of Rails, the return value of params used to be a hash, but now, it isn't a hash.

Rails params method: Why can it be accessed like a hash?

You are correct that params is a method, but here the params method returns an instance of ActionController::Parameters and we call hash accessor method #[] on it.

This is a common pattern in ruby to call methods on the returned object. Let's see it by a simple example:

def params
  {
    id: 101,
    key: 'value',
    foo: 'bar'
  }
end

params[:id] # => 101
params[:foo] # => 'bar'

As you can see in the example, method params returns a hash object and we call hash accessor method #[] on the returned object.

Reference to rails params method: https://github.com/rails/rails/blob/5e1a039a1dd63ab70300a1340226eab690444cea/actionpack/lib/action_controller/metal/strong_parameters.rb#L1215-L1225

def params
  @_params ||= begin
    context = {
      controller: self.class.name,
      action: action_name,
      request: request,
      params: request.filtered_parameters
    }
    Parameters.new(request.parameters, context)
  end
end

Note for ruby beginners: In ruby, we can call methods without parenthesis. So, above call is equivalent to params()[:id].

Where does params[:id] come from in rails?

params[:id] is meant to be the string that uniquely identifies a (RESTful) resource within your Rails application. It is found in the URL after the resource's name.

For example, for a resource called my_model, a GET request should correspond to a URL like myserver.com/my_model/12345, where 12345 is the params[:id] that identifies that specific instance of my_model. Analogies follow for the other HTTP requests (PUT, DELETE etc) and their RESTful counterparts.

You should read about Rails routing and its interpretation of RESTful architecture if you're still confused about these concepts and terminologies.

Rails params not passing to controller action

As dbugger commented, the parameter reached the controller. My mistake was when using it. Instead of using:

params[:academic_title_id]

I should have used:

params[:generate_regular_student][:academic_title_id]

Credits to dbugger. Thank you very much!

How can I access params (or utilize a workaround) in my rails model?

params is made available to you in the Controller (by Rails) because it's a "web request thing". It's a good practice not to pass it deeper into your system, as it contains external "untrusted" input. That's why it's not automatically available in Models.

For example:

# controller
def update
  safe_value = validate_value(params[:unsafe_value]) # extract and validate

  # no "web request things" passed in
  result = MyFeature.do_stuff(@current_user, safe_value)  # pass it to other parts of system

  # then convert the result back into a "web request thing", e.g:
  # return render json: as_json(result)     # return result as json
  # return redirect_to endpoint_for(result) # redirect based on result
                                            # etc
end

It's good practice to pre-process the params (extracting the values out, validating them, etc) before passing that data to other parts of your system as arguments, like your models.

This will keep the rest of your system agnostic of "web request things", keeping them purpose-focused and well-organized.

For one, StrongParameters is a built-in rails feature that helps with this.

Rails multiple params permit calls

This line doesn't have any effect, params.permit are not chained or added to a previous permit, you must use the result, that is why it's almost always used in a separate method.

params.permit(:create_special_categories)

What you must do is use what that returns for your following statements

permitted_params = params.permit(:create_special_categories)
Model.create(permitted_params) 

...however you really should outsource this to a special method like you already have. You will have to tweak this to your use-case obviously.

def balance_sheet_params
  if params[:create_special_categories]
    params.permit(:id,
        :entity,
        :entity_id,
        :date,
        :name,
        :create_special_categories)
  else
      params.permit(
        :id,
        :entity,
        :entity_id,
        :date,
        :name)
  end
end

---

Related Topics