janycefkiralf
New Member
My Rails 3 app contains a form which isn't bound to a model. I'm using [code]form_tag[/code], and my controller looks a little like this:

[code]
def results
  local_variable = params[:my_form_field].to_s
end
[/code]

I do various other bits and pieces in the controller using [code]local_variable[/code], so obviously I would like to sanitise my form against "illegal" input that a nasty user might enter (particularly HTML tags, or even injections).

I really need to do this in the controller rather than in my view. Is there something similar to [code]to_s[/code] I could use within the controller to remove these characters?

Thanks!