How to Use Rails Params



In this article, you will learn how to use Rails Params.

Using Rails Params

Rails Params is a Ruby module that provides access to HTTP parameters such as query string parameters and form data submitted in an HTTP request. Here are some common use cases for working with Rails Params:

Accessing Query String Parameters

To access query string parameters in a Rails controller, you can use the params hash. For example, if you have a URL like this: /articles?category=ruby, you can access the category parameter like this:

category = params[:category]

Accessing Form Data

If you are working with a form that has been submitted via an HTTP POST request, you can access the form data using the same params hash. For example, if you have a form with a text field named “name”, you can access the submitted value like this:

name = params[:name]

Strong Parameters

Rails also provides a mechanism for whitelisting parameters to prevent mass assignment vulnerabilities. This is called “Strong Parameters”. To use strong parameters, you need to define a whitelist of allowed parameters for a given model. Here is an example:

class UsersController < ApplicationController
  def create
    @user =
      # ...
      # ...


  def user_params
    params.require(:user).permit(:name, :email, :password)

In the example above, the user_params method defines a whitelist of allowed parameters for the User model. The require method ensures that the :user parameter is present in the request, and the permit method allows only the specified parameters to be assigned.

Nested Parameters

If you are working with nested parameters, you can use the permit method to whitelist them as well. Here is an example:

def book_params
  params.require(:book).permit(:title, :author, :publisher, { pages: [] })

In the example above, the book_params method whitelists the :title, :author, and :publisher parameters, as well as any nested :pages parameters that may be submitted as an array.