James F

Reputation: 926

Passing Value of Post ID in Hidden Field

This goes along with my other question; trying to get the correct post_id to go along when I submit a new Comment that belongs to a specific Post.

_form.html.erb

<%= f.hidden_field :project_id, :value => params[:id] %>
<%= f.hidden_field :post_id, :value => params[:id].post_id %>
<%= f.hidden_field :user_id, :value => current_user.id %>

Upvotes: 3

Views: 11671

Answers (2)

James F

Reputation: 926

The solution to the problem was to simply put the form from the partial back into the actual view file, and use

<%= f.hidden_field :post_id, :value => params[:id].post_id %>

However, as house9 pointed out, it is a huge security flaw to use hidden fields to pass values in a form. So changing it around.

Upvotes: 0

house9

Reputation: 20624

Kind of hard to know exactly what you are doing without seeing more code, but my guess is that a @post instance variable has been set using @post = Post.find(params[:id]) in the controller.

<%# this is not needed, on the create, get it from the post? %>
<%= f.hidden_field :project_id, :value => params[:id] %>
<%# if you do want to pass it, guessing something like this %>
<%= f.hidden_field :project_id, :value => @post.project_id %>

<%# pass the post id to the create action %>
<%= f.hidden_field :post_id, :value => @post.id %>
<%# if the comment has a project_id %>
<%# @comment.project = @post.project ? %>

<%# do not send this in hidden field, get the value in your controller %>
<%# otherwise the user can change this value to another user when submitting the form %>
<%= f.hidden_field :user_id, :value => current_user.id %>

You might also want to consider using nested routes in the case of comments?

I recommend reading about view helpers from the Rails guides: http://guides.rubyonrails.org/index.html

The http://guides.rubyonrails.org/getting_started.html page actually has code examples for a post with comments.

Upvotes: 5
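
The advice in house9's answer, modelled in plain Ruby as an added example (not code from the thread, and not Rails itself): the create step takes the post from the route and the user from the session, and copies only the comment body from the form. `POSTS`, `TAMPERED`, `PERMITTED` and both method names are constructed for illustration.

```ruby
# Plain-Ruby model of a comments#create action; runs without Rails.
# All data and method names here are constructed for this example.

POSTS = { 7 => { id: 7, project_id: 3 } }.freeze # constructed sample data

PERMITTED = %w[body].freeze # the only field the user is allowed to choose

# Pattern from the question: every identifier is read back from hidden fields,
# so whatever the browser sends is stored as-is.
def create_trusting_form(form)
  { body: form["body"],
    post_id: form["post_id"].to_i,
    project_id: form["project_id"].to_i,
    user_id: form["user_id"].to_i } # client-controlled
end

# Pattern from the answer: identifiers are resolved on the server.
#   route_post_id   - from a nested route such as /posts/:post_id/comments
#   current_user_id - from the authenticated session
def create_server_side(form, route_post_id:, current_user_id:)
  post = POSTS.fetch(Integer(route_post_id)) { raise KeyError, "no such post" }
  allowed = form.select { |key, _| PERMITTED.include?(key) }
  { body: allowed["body"],
    post_id: post[:id],
    project_id: post[:project_id], # derived from the post, not the form
    user_id: current_user_id }     # derived from the session, not the form
end

# Constructed submission: user 42 edited the hidden fields before posting.
TAMPERED = { "body" => "hi", "post_id" => "7",
             "project_id" => "999", "user_id" => "1" }.freeze

if __FILE__ == $PROGRAM_NAME
  p create_trusting_form(TAMPERED)
  p create_server_side(TAMPERED, route_post_id: "7", current_user_id: 42)
end
```

In a Rails controller the same shape is usually `@post.comments.build(params.require(:comment).permit(:body))` followed by `comment.user = current_user`, with `@post` loaded from `params[:post_id]` on the nested route.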
