In Rails, what is the difference between attr_accessor and attr_accessible? From my understanding, attr_accessor is used to create getter and setter methods for that variable, so that we can access the variable like Object.variable or Object.variable = some_value.
I read that attr_accessible makes that specific variable accessible to the outside world.
Can someone please tell me what's the difference?
attr_accessor is a Ruby method that makes a getter and a setter. attr_accessible is a Rails method that allows you to pass in values to a mass assignment: new(attrs) or update_attributes(attrs).
Here’s a mass assignment:
You can imagine that the order might also have a discount code, say :price_off. If you don’t tag :price_off as attr_accessible you stop malicious code from being able to do like so:
Even if your form doesn’t have a field for :price_off, if it’s in your model it’s available by default. This means a crafted POST could still set it. Using attr_accessible whitelists those things that can be mass assigned.
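
The whitelist behaviour described in the answer above, as an added example that is not part of the original post and is not Rails code. MiniModel, OpenOrder, GuardedOrder and the parameter hash are hypothetical, constructed in plain Ruby to imitate how mass assignment routes hash keys to setters.

```ruby
# Added illustration in plain Ruby; MiniModel is a hypothetical stand-in
# for ActiveRecord's mass assignment, not Rails' own implementation.
class MiniModel
  # Declares which attributes may be set through new(attrs).
  def self.attr_accessible(*names)
    @accessible = names.map(&:to_sym)
  end

  # nil means no whitelist was declared, so every setter is reachable.
  def self.accessible
    @accessible
  end

  # Mass assignment: each key in the hash is routed to the matching setter.
  def initialize(attrs = {})
    allowed = self.class.accessible
    attrs.each do |key, value|
      name = key.to_sym
      next if allowed && !allowed.include?(name) # assumption: drop silently
      public_send("#{name}=", value)
    end
  end
end

class OpenOrder < MiniModel
  attr_accessor :item, :quantity, :price_off # getters and setters only
end

class GuardedOrder < MiniModel
  attr_accessor :item, :quantity, :price_off
  attr_accessible :item, :quantity # :price_off is left off the whitelist
end

# Constructed request parameters: the form has no price_off field,
# but the submitted body carries one anyway.
PARAMS = { "item" => "Corn", "quantity" => 6, "price_off" => 30 }.freeze

def price_off_after_mass_assignment(model_class)
  model_class.new(PARAMS).price_off
end

puts "no whitelist:   price_off=#{price_off_after_mass_assignment(OpenOrder).inspect}"
puts "with whitelist: price_off=#{price_off_after_mass_assignment(GuardedOrder).inspect}"

# Explicit assignment in application code is unaffected by the whitelist.
order = GuardedOrder.new(PARAMS)
order.price_off = 10
puts "set explicitly: price_off=#{order.price_off.inspect}"
```

In Rails 4 and later, attr_accessible was moved out of core and the same whitelisting is done in the controller with strong parameters (params.require(...).permit(...)).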