如何隐藏传递给方法的参数(如form_for似乎可以做到)? [英] how can I hide params I transmit to a method (like form_for seems to do)?

问题描述

我已经搜索了几个小时，却找不到任何有用的信息.

I've been searching for hours now and haven't found anything that helps.

我需要调用check_login -Method(如下所示)，该方法需要参数.

I need to call the check_login-Method (as below), which needs parameters.

redirect_to check_login_users_url(
  :user => {:name => input[1], :password => input [2] },
  :stylesheet => 'scaffold',
  :method => :get)

关键是这些参数是在方法调用中发送的，就像下面的重定向到"行中一样.

The point is that these params are sent in the method-call as in the "Redirected to"-line below.

Processing ApplicationController#execute(for 127.0.0.1 at 2009-12-19 00:28:40) [POST]
Parameters: {"command"=>{"line"=>"log dodo wg"}, "authenticity_token"=> <...token>}
Redirected to http://localhost:3000/benutzer/check_login?method=get&stylesheet=scaffold&user%5Bname%5D=dodo&user%5Bpassword%5D=wg
Completed in 9ms (DB: 0) | 302 Found [http://localhost/execute]

---

我想防止Rails将参数放入网址中，而是将其隐藏起来.

当我发送使用form_for创建的表单时，URL中没有任何内容，因此我认为这是必须的.

When I send a form created with form_for, there's nothing in the url, so I assume it must be possible.

请告诉我该怎么做.

• 我尝试了不同的"html-verbs":获取，放置，发布-没什么不同.尽管check_login的调用确实很短，但url-with-params显示在我的控制台中
• 创建一个实例变量，并将其作为参数传递(奇怪，也没有用)
• 观看form_for正常工作–没有结果，一无所知

• I have tried different "html-verbs": get, put, post - no difference. Though the call of check_login is really short the url-with-params shows up in my Console
• create an instance variable and pass it as param (strange, didn't work either)
• watch form_for working – without results, got no clue

//edith:
感谢您到目前为止的所有帮助.也许我没有详细说明我的问题. 我有一个text_field，可以在其中输入简短的命令(通过实验).它的形式在AppController中调用execute，在登录数据的情况下执行redirect_to check_login.我不需要访问网页，我只想运行该方法.我喜欢将其放入:flash的想法，但是我想知道是否存在更整洁"的方式来传递隐藏的数据.

//edith:
Thanks for all your help so far. Perhaps I didn't specify my problem in enough detail. I've got a text_field in which I enter short commands (experimentally). Its form calls execute in AppController, which in case of login-data performs redirect_to check_login. I don't need to access a webpage, I simply want to run the method. I liked the idea of putting it into :flash, but I'm wondering if there's a "neater" way to do pass the data hidden.

推荐答案

TL;灾难恢复版本:使用表格.

您将永远无法完全隐藏参数，可以使用工具监视请求并查看发布数据/参数.但是，您可以使用加密的会话对其进行混淆.同样，您似乎是通过GET请求发送登录信息，这通常是一种不好的做法.

You're never going to be able to fully hide parameters, tools can be used to monitor requests and view the post data/parameters. You could however obfuscate it with an encrypted session. Also it appears that you're sending login info via a GET request, this is generally a bad practice.

那是说...

您出了什么问题，原因是您没有使用link_to:method =>:post生成任何帖子数据. link_to将使用您给它的任何parma生成URL. Wheres表单会将表单生成的所有参数作为POST数据发送到form_for调用中生成的url.

What is going wrong for you is that you're not generating any post data with link_to :method => :post. link_to will use what ever parmas you give it to generate the url. Wheres forms will send all the params generated by the form as POST data to the url generated in the form_for call.

Rails收到POST请求后，会将来自URL的路由选择参数与其接收到的发布数据合并到一个params哈希中.

Upon receiving a POST request, Rails will merge parameters routing picks up from from the URL with the post data it receives into one params hash.

在POST到

http://localhost:3000/benutzer/check_login?stylesheet=scaffold&user%5Bname%5D=dodo&user%5Bpassword%5D=wg

在接收控制器操作中生成与http://localhost:3000/benutzer/check_login的POST相同的参数散列，并带有以下数据:

produces the same params hash in the receiving controller action as a POST to http://localhost:3000/benutzer/check_login with the following data:

 stylesheet=scaffold&user[name]=dodo&user[pasword]=wg

这两个请求在服务器日志中没有区别.

There will be no distinction in the server log between the two requests.

如果您查看form_for在做什么，它将提交从表单输入生成的POST数据到参数生成的url.

If you look at what form_for is doing, it submits POST data built from the form inputs to the url generated by the arguments.

form_for @user, create_user_url(:stylesheet => "scaffold") do |f|
  f.text_field :name
  f.password_field, :password
end

此表单会将表单数据提交到从选项生成的url中.在此示例中，URL为:http://localhost:3000/users/create?stylesheet=scaffold，表单数据为:

This form will submit the form data to the url generated from the options. In this example the url is: http://localhost:3000/users/create?stylesheet=scaffold and the form data is:

user[name]=name_field_value_at_submit&user[password]=password_field_value_at_submit

link_to将不会为您填充帖子数据.您必须通过表单或使用javascript来完成此操作. link_to文档包含使用javascript进行此操作的示例.寻找使用:onclick进行销毁的方式.

link_to will not populate post data for you. You must either do it through a form or with javascript. The link_to documentation contains an example of doing this with javascript. Look for how the destroy with :onclick is handled.

如果您真的不喜欢按钮，则可以使用link_to_function提交表单.

If you really don't like buttons, you could use link_to_function to submit a form.

这篇关于如何隐藏传递给方法的参数(如form_for似乎可以做到)?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！