23 Apr 2009, 11:42
Steven Noble (19 posts)

On p177, the error message “Invalid product” seemed just too harsh. I wanted something more explanatory, so I used:

flash[:notice] = "There is no product called #{params[:id]} in the catalogue. Please select a different product."

And I used “%=h” in the <%= %> that wraps the Flash[:notice] in the view.

The code works and the error makes sense to ordinary website users. Realistically, have I just opened a six-lane freeway for hackers?
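
Added example, not part of the original post: a stand-alone Ruby sketch that renders the notice from the post with and without `h`, using a constructed id that contains markup. Plain ERB from the standard library stands in for the Rails view, and the names `build_notice`, `NoticeView`, `render_notice` and `live_tags` are hypothetical.

```ruby
require "erb"

# Hypothetical stand-in for the controller line in the post: the notice
# embeds the id exactly as it arrived in the request.
def build_notice(id)
  "There is no product called #{id} in the catalogue. " \
    "Please select a different product."
end

# Hypothetical view fragments. Plain ERB does not escape <%= %> output by
# itself, so the second template calls h explicitly, as the post describes.
RAW_VIEW     = '<div id="notice"><%= flash[:notice] %></div>'
ESCAPED_VIEW = '<div id="notice"><%=h flash[:notice] %></div>'

# Minimal view context: exposes flash and h to the template.
class NoticeView
  attr_reader :flash

  def initialize(flash)
    @flash = flash
  end

  def h(text)
    ERB::Util.html_escape(text)
  end

  def render(template)
    ERB.new(template).result(binding)
  end
end

def render_notice(id, template)
  NoticeView.new({ notice: build_notice(id) }).render(template)
end

# Tags a browser would parse in the output, apart from the wrapper div.
def live_tags(html)
  html.scan(/<\/?([a-z][a-z0-9]*)/i).flatten.map(&:downcase).uniq - ["div"]
end

if __FILE__ == $PROGRAM_NAME
  crafted_id = "<script>alert(1)</script>" # constructed sample input
  puts render_notice(crafted_id, RAW_VIEW)      # markup reaches the page intact
  puts render_notice(crafted_id, ESCAPED_VIEW)  # markup arrives as inert text
  p live_tags(render_notice(crafted_id, ESCAPED_VIEW))
end
```
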