Should we use strong params when we update only one attribute?
问题 I'm working on a Rails app and I have several actions( #delete_later, #ban_later and so on) where I only set one attribute from the request parameter( specifically, a reason field for doing that action). I was wondering if it is ok to do it like this: def ban_later @object.reason = params[:object][:reason] @object.save end Or is it a best practice to use strong params even in this situation? def ban_later @object.reason = object_params[:reason] @object.save end private def object_params