OK, so currently I have a form:
<div class="field">
<%= f.label :title %><br/>
<%= f.text_field :title %><br/>
<%= f.label :itunesurl %><br />
<%= f.text_field :itunesurl %><br />
<%= f.hidden_field :user_id, :value => current_user.id %>
</div>
<div class="actions">
<%= f.submit %>
</div>
Which passes the current_user.id into the create method of my “app” model which creates it like this before saving it:
@app = App.new(params[:app])
However I have associations of (pseudocode)
user has_many apps
apps belongs_to user
Question: is it safer (so the form doesn’t get modified) to do something like this within the create method?
@user = current_user
@app = @user.apps.create(params[:app])
If so… how exactly would I go about actually implementing the code above (it's not syntactically correct... just pseudo)?
Thanks!
Yes, using the second way that you have suggested is the best approach.
Also, make sure you protect yourself from mass assignment; take a read of this: http://stephensclafani.com/2010/01/04/ruby-on-rails-secure-mass-assignment/
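The two create paths compared above, as an added example that is not part of the original question or answer: a plain-Ruby model (no Rails required) showing what happens to a tampered hidden `user_id` field under unprotected mass assignment versus an owner-scoped build with an attribute whitelist. The `App` and `User` classes, `PERMITTED`, `from_params` and `build_app` are hypothetical stand-ins, not ActiveRecord's own API.

```ruby
# Plain-Ruby stand-in for the model behaviour discussed above (no Rails needed).
# App, User, PERMITTED and build_app are hypothetical names for this sketch.
class App
  ATTRS     = %w[title itunesurl user_id].freeze
  # Assumed whitelist of client-settable fields (the role attr_accessible plays).
  PERMITTED = %w[title itunesurl].freeze
  attr_accessor(*ATTRS)

  # Mass assignment: copy every submitted key that appears in `allowed`.
  def self.from_params(params, allowed)
    app = new
    params.each { |key, value| app.public_send("#{key}=", value) if allowed.include?(key.to_s) }
    app
  end
end

class User
  attr_reader :id, :apps

  def initialize(id)
    @id = id
    @apps = []
  end

  # Owner-scoped build: the owner comes from the server-side session object,
  # and any user_id in the request is dropped by the whitelist.
  def build_app(params)
    app = App.from_params(params, App::PERMITTED)
    app.user_id = id
    @apps << app
    app
  end
end

# Constructed request: the logged-in user is 7, the hidden field was edited to "1".
TAMPERED = { "title" => "My App", "itunesurl" => "https://example.com/app", "user_id" => "1" }.freeze

# First approach from the question: App.new(params[:app]) with no protection.
def owner_unscoped(params)
  App.from_params(params, App::ATTRS).user_id
end

# Second approach: build through the current user.
def owner_scoped(user, params)
  user.build_app(params).user_id
end

puts "unscoped owner: #{owner_unscoped(TAMPERED).inspect}"
puts "scoped owner:   #{owner_scoped(User.new(7), TAMPERED).inspect}"
```

With the scoped build in place, the hidden `user_id` field can be removed from the form entirely, since the server no longer reads it.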