On the above page it states
The create action uses the message params method to safely collect data from the form and update the database.
What does it mean by "safely"? How could this have been designed in an unsafe way?
In what circumstance would if @message.save return false? I tried inputting an empty message and it still went into the database and showed up at /messages.
Why is :message required in the message_params function but :content is only permitted? What does this mean exactly and why have we set it up this way?
def create @message = Message.new(message_params) if @message.save redirect_to '/messages' else render 'new' end end private def message_params params.require(:message).permit(:content) end