1

我拼凑了一个快速而肮脏的应用程序来临时跟踪一些信息。我知道,不要以明文形式存储密码。这不是面向公众的,它在一个极其安全的内部盒子上;没有人可以访问它,该页面无法访问,只能访问一个简短的列表。无论如何...我试图弄清楚为什么当我编辑一条记录时,更新将一个尚未编辑的记录字段保存为空白,当它从具有值的数据库中读取时。在这种情况下,我从索引视图中选择一条记录。我编辑该记录,而不是触摸密码字段。我保存记录。从日志中可以看到,该字段为空白。

表格代码

    <%= form_for(@swiftpwd) do |f| %>
        <% if @swiftpwd.errors.any? %>
            <div id="error_explanation">
              <h2><%= pluralize(@swiftpwd.errors.count, "error") %> prohibited this swiftpwd from being saved:</h2>

              <ul>
              <% @swiftpwd.errors.full_messages.each do |msg| %>
                <li><%= msg %></li>
              <% end %>
              </ul>
            </div>
        <% end %>

        <div class="field">
            Customer Name<br />
            <%= f.text_field :customername %>
        </div>
        <div class="field">
            Email Address<br />
            <%= f.text_field :emailaddr %>
        </div>
        <div class="field">
            Password<br />
            <%= f.password_field :password %>
        </div>
        <div class="field">
            Phone Number<br />
            <%= f.text_field :phone %>
        </div>
        <div class="field"">
            Notes<br />
            <%= f.text_area(:notes, :size=>'50x10') %>
        </div>
        <div class="actions">
            <%= f.submit 'Submit' %>
        </div>
    <% end %>

控制器

PUT /swiftinfo/1
PUT /swiftinfo/1.json
def update
  @swiftinfo = Swiftinfo.find(params[:id])
  @swiftinfo.staffid = @staffid

  respond_to do |format|
    if @swiftinfo.update_attributes(params[:swiftinfo])
      format.html { redirect_to root_path, notice: 'Accounts was successfully updated.' }
      format.json { head :no_content }
    else
      format.html { render action: "edit" }
      format.json { render json: @swiftinfo.errors, status: :unprocessable_entity }
    end
  end
end

日志

Started PUT "/swiftinfo/10" for 192.168.207.200 at 2013-05-17 16:46:57 -0700
Processing by swiftinfoController#update as HTML
    Parameters: {"utf8"=>"✓", "authenticity_token"=>"tYo36rKCPtiplb+qLuF8QpcITXD/b0K869LNhakfOdg=", "swiftpwd"=>{"customername"=>"Customer name ", "emailaddr"=>"user@domain.net", "password"=>"[FILTERED]", "phone"=>"", "notes"=>"Note"}, "commit"=>"Submit", "id"=>"10"}
    Swiftinfo Load (0.1ms)  SELECT "swiftinfo".* FROM "swiftinfo" WHERE "swiftinfo"."id" = ? LIMIT 1  [["id", "10"]]
     (0.1ms)  begin transaction
     (0.3ms)  UPDATE "swiftinfo" SET "password" = '', "notes" = 'Note', "updated_at" = '2013-05-17 23:46:57.586414' WHERE "swiftinfo"."id" = 10
     (169.7ms)  commit transaction
Redirected to http://192.168.1.52:7779/
Completed 302 Found in 211ms (ActiveRecord: 170.2ms)

@anonymousxxx - 快速回答,是的,如果它已被编辑并删除。但就是这样,当我编辑时,该字段不是空白的,或者不应该是空白的。我在 index.html.erb 上屏蔽了用户的密码(我不呈现 swiftinfo.password 值,而只是显示“*****”。为了测试,我显示了密码值(swiftinfo.password)< %= swiftinfo.password %> 确实有密码。所以当我再次编辑该记录(或记录)时,密码有一个值。所以,如果我不编辑该字段,而是编辑另一个字段,或没有字段,更新应将当前值(已编辑或原始值)保存到表中。

更新:

好的,我已将问题隔离为:

<%= f.password_field :password %> - Browser displays blank, record is saved with a blank value
%= f.text_field :password %>

显示密码明文,但记录将正确的值(当前或更改)保存到表中。

4

1 回答 1

2

如果字段为空白并且您不想更新字段空白,则应在控制器上更新之前删除字段空白。尝试这个 :

def update
  @swiftinfo = Swiftinfo.find(params[:id])
  if params[:swiftinfo][:password].blank?
     params[:swiftinfo].delete(:password)
  end
  respond_to do |format|
    if @swiftinfo.update_attributes(params[:swiftinfo])
      format.html { redirect_to root_path, notice: 'Accounts was successfully updated.' }
      format.json { head :no_content }
    else
      format.html { render action: "edit" }
      format.json { render json: @swiftinfo.errors, status: :unprocessable_entity }
    end
  end
end
于 2013-05-18T04:59:10.297 回答