这是冒险的代码吗?

时间:2016-11-04 21:14:40

标签: ruby-on-rails stripe-payments

class TicketChargesController < ApplicationController

  def new
  end

  def create
    @ticket = Ticket.last

  # Amount in cents
  @amount = @ticket.amount

  customer = Stripe::Customer.create(
    :email => params[:stripeEmail],
    :card  => params[:stripeToken]
  )

  charge = Stripe::Charge.create(
    :customer    => customer.id,
    :amount      => @amount,
    :description => @ticket.event.title,
    :currency    => 'usd'
  )

rescue Stripe::CardError => e
  flash[:error] = e.message
  redirect_to charges_path
  end
end

请注意

@ticket=Ticket.find(params[:id]) 

不起作用,我想是因为ticket_charges没有模型而且@ticket在ticket_controller中?所以我的代码可以工作,但我不确定这是否是正确的方法来处理这个问题,处理金钱是可怕的!感谢

1 个答案:

答案 0 :(得分:0)

获得

@ticket = Ticket.find(params[:id])

工作,我不得不在表单中使用隐藏字段,将对象从tickets_controller传递到ticket_charges_controller并将代码更改为:

@ticket = Ticket.find(params[:ticket_id]) 

感谢Alexandre Angelim