I''m trying to use button_to and have it use an image in place of the
submit button. I had figured it would work the same as link_to like so:
button_to(image_tag("editicon", :size => "16x16", :border
=> 0), :action
=> ''edit'', :id => person.id)
but this instead displays the image code as the button name. Surely
there is a simple way to do this?
--
Posted via http://www.ruby-forum.com/.
Ryan Williams wrote:> I''m trying to use button_to and have it use an image in place of the > submit button. I had figured it would work the same as link_to like so: > > button_to(image_tag("editicon", :size => "16x16", :border => 0), :action > => ''edit'', :id => person.id) > > but this instead displays the image code as the button name. Surely > there is a simple way to do this?I presume that you''re talking about submiting a form, so you should use image_submit_tag instead of button_to... -- Posted via http://www.ruby-forum.com/.
> I presume that you''re talking about submiting a form, so you should use > image_submit_tag instead of button_to...button_to itself creates a form. I''m trying to simply have an icon that the user clicks on to delete an entry. And I would like the protection of using POST instead of GET, which is why I don''t want to just use link_to. Is the only way to do this to manually create the form each time and use image_submit_tag? -- Posted via http://www.ruby-forum.com/.
Sorry, I didn''t had such needs so I don''t say how to do (is there something RoR can''t do ?) But in my point of view, you should certainly not rely on the request method to protect from anything (as it doesn''t NOT protect you). -- Posted via http://www.ruby-forum.com/.
> But in my point of view, you should certainly not rely on the request > method to protect from anything (as it doesn''t NOT protect you).Well, "protect" is a relative term. Suggested reading: http://blog.moertel.com/articles/2005/05/08/taking-the-unsafe-gets-out-of-rails Often, using POST instead of GET is *far* safer... at least from the standpoint of triggering destructive actions accidentally. -- Posted via http://www.ruby-forum.com/.
Ryan Williams wrote:>> But in my point of view, you should certainly not rely on the request >> method to protect from anything (as it doesn''t NOT protect you). > > Well, "protect" is a relative term. Suggested reading: > > http://blog.moertel.com/articles/2005/05/08/taking-the-unsafe-gets-out-of-rails > > Often, using POST instead of GET is *far* safer... at least from the > standpoint of triggering destructive actions accidentally.A GET request which is a *safe* request should never alter the state of the application in regard to the potential risk of web crawling. More to : http://en.wikipedia.org/wiki/HTTP -- Posted via http://www.ruby-forum.com/.