I have code in my products_controller.rb
def create
@product = Product.new(product_params)
brand = Brand.find(params[:brand_id])
@product.brand = brand
if @product.save
raise "OK"
else
@brand = Brand.find(params[:brand_id])
render 'brands/show'
end
end
After failure of save method, i need to redirect to brands show.html.erb view, which find brand by id and display information about it.
Questions:
- Is it right way of doing that
- If user manually passed server_id parameter, how can prevent it from executing (SQL injection)? Or how should i check and display error?
- How can i display errors in
brands/show
views outside form ( because i'm storing form in<a data-form="...">
property, so user can't see form until he clicks on link. Even more, i useform_for([@brand,@brand.send(:products).klass.new])
)
use redirect_to brands_path(@brand)