On Wed, Feb 15, 2017 at 4:11 PM, Joe Guerra <JGuerra@jginfosys.com> wrote:
> I've got this in my product show page....I'm trying to pass user_id &
> product_id to my products controller, add_to_cart method...
Accepting user_id as an untrusted input from the client is a
Very Bad Idea. If it's a value saved in session you can and
should fetch it in your controller.
> <%= button_to 'Add to Cart', {:controller => "products", :action =>
> "add_to_cart", :user_id=> session[:user_id], :product_id => @id } ,
> :method=>:post %>
>
> on the controller...
>
> def add_to_cart(user_id, product_id)
> @cart = Cart.new(user_id, product_id )
> end
> "wrong number of arguments (given 0, expected 2)"
So where are you setting user_id and product_id from the params?
I assume you've looked at the log and confirmed the params hash
contains what you expect?
--
Hassan Schroeder ------------------------ hassan.schroeder@gmail.com
twitter: @hassan
Consulting Availability : Silicon Valley or remote
--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/CACmC4yAmObHtE3Y9YM4izk6YJ4_EB3tQXhKbQS4nMtNgKXMieQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment