I have a view where the user can observe part of the objects from the database:

```ruby
class SyncController < ApplicationController
  def one
    @ids = get_ids(...)  # ids of objects, which user can see on the view
  end
end
```

On the same view there is a link which must delete the objects in the database by these @ids. So I need to pass this list of ids ([10000, 100001, 100009 ...]) to the next method. To do it I have created a link on my view:

```erb
<%= link_to "mark_as_read", { :controller => 'Sync', :action => "two", :ids => @ids }, :class => "mark_as_read_link", :remote => true %>
```

In the controller I am iterating over this list and deleting objects:

```ruby
def two
  params[:ids].each { |id|
    .....
  }
end
```

I am just wondering if there is a better way to pass this list of ids, because it can be very long and I'm not sure that the link doesn't have any limitations.

ceth
  • The link itself doesn't have limitations, but the session/cookies does. The `params` hash is contained inside the session/cookies, so if you have a loooong list of strings, maybe sometime you would have to increase your session/cookie size. – MurifoX Nov 13 '12 at 12:18

1 Answer

First, the length of a URL has a limit of about 2000 characters. (See What is the maximum length of a URL?) So you cannot pass too many ids this way.

Second, GET requests are not protected from Cross-Site Request Forgery the way POST requests are.

So I think a better solution could be creating a form and keeping the ids with a hidden INPUT tag.

BTW, instead of deleting objects one by one, you can delete objects with one call: `YourModel.delete_all(id: params[:ids])`

Yanhao
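The answer's points, modelled in plain Ruby as an added example (not code from the question or the answer): it measures the GET URL a long id list would produce against the quoted limit, then handles the same ids as a POST form body with a token check. The path `/sync/two`, the helper names, and the step of intersecting submitted ids with the ids the user may see are assumptions of this sketch; the intersection is there because a hidden form field can be edited by the client.

```ruby
require "uri"

URL_LIMIT = 2000 # approximate URL length limit quoted in the answer

class CsrfError < StandardError; end

# Length of the GET URL a link carrying every id would produce.
# "/sync/two" is a constructed sample path.
def get_url_length(ids, path = "/sync/two")
  "#{path}?#{URI.encode_www_form('ids[]' => ids)}".length
end

# Constant-time string comparison for the token check.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Model of the POST handler: reject the request unless the form token matches
# the session token, then keep only well-formed integer ids that are also in
# the set this user may see (recomputed server-side, as get_ids does).
def ids_to_delete(form_body, session_token, visible_ids)
  form = URI.decode_www_form(form_body)
  token = form.assoc("authenticity_token")&.last.to_s
  raise CsrfError, "token mismatch" unless secure_equal?(token, session_token)

  submitted = form.select { |key, _| key == "ids[]" }
                  .map { |_, value| Integer(value, 10, exception: false) }
                  .compact
  submitted & visible_ids
end

if __FILE__ == $PROGRAM_NAME
  visible = (10_000...10_200).to_a   # constructed sample ids
  token   = "s" * 32                 # constructed sample session token
  puts "GET URL length: #{get_url_length(visible)} (limit ~#{URL_LIMIT})"

  # Constructed form body: two valid ids, one foreign id, one non-numeric value.
  body = URI.encode_www_form("authenticity_token" => token,
                             "ids[]" => [10_000, 10_001, 99_999, "x"])
  puts "ids passed to the single delete call: #{ids_to_delete(body, token, visible)}"
end
```

In a Rails app the framework performs the token check itself for non-GET requests; the list returned here is what would go into the single delete call the answer mentions.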