use strong_params in example

2013-07-19 10:54:24 +03:00 · 2013-07-19 10:54:24 +03:00 · 760662de86
commit 760662de86
parent bae07dcce2
1 changed files with 6 additions and 1 deletions
--- a/guides/source/engines.md
+++ b/guides/source/engines.md
@ -393,10 +393,15 @@ The form will be making a `POST` request to `/posts/:post_id/comments`, which wi
 ```ruby
 def create
  @post = Post.find(params[:post_id])
-  @comment = @post.comments.create(params[:comment])
+  @comment = @post.comments.create(comment_params)
  flash[:notice] = "Comment has been created!"
  redirect_to posts_path
 end
+
+private
+def comment_params
+  params.require(:comment).permit(:text)
+end
 ```

 This is the final part required to get the new comment form working. Displaying the comments however, is not quite right yet. If you were to create a comment right now you would see this error: