v2.0.3 - Show latest stable - 0 notes - Class: ActiveRecord::Base
attr_accessible(*attributes) public

Similar to the attr_protected macro, this protects attributes of your model from mass-assignment, such as new(attributes) and attributes=(attributes) however, it does it in the opposite way. This locks all attributes and only allows access to the attributes specified. Assignment to attributes not in this list will be ignored and need to be set using the direct writer methods instead. This is meant to protect sensitive attributes from being overwritten by URL/form hackers. If you’d rather start from an all-open default and restrict attributes as needed, have a look at attr_protected.


*attributes A comma separated list of symbols that represent columns not to be protected


  class Customer < ActiveRecord::Base
    attr_accessible :name, :nickname

  customer = Customer.new(:name => "David", :nickname => "Dave", :credit_rating => "Excellent")
  customer.credit_rating # => nil
  customer.attributes = { :name => "Jolly fellow", :credit_rating => "Superb" }
  customer.credit_rating # => nil

  customer.credit_rating = "Average"
  customer.credit_rating # => "Average"
Show source
Register or log in to add new notes.