The rails API documentation has this useful explanation of missing parameters and a hidden area:
http://api.rubyonrails.org/classes/ActionView/Helpers/FormHelper.html#method-i-check_box
check_box (object_name, method, options = {}, checked_value = "1", unchecked_value = "0")
Returns a flag tag specifically designed to access the specified attribute (identified by the method) for the object assigned to the template (identified by the object). This object must be an instance object (@object), not a local object. It is assumed that the method returns an integer, and if this integer is above zero, then the checkbox is selected. Additional parameters of the input tag can be transmitted as a hash with parameters. The default value of checked_value is 1, and the default value of unchecked_value is 0, which is convenient for boolean values. Caught
The HTML specification states that checkboxes with checkboxes were unsuccessful and therefore web browsers do not send them. Unfortunately, this introduces getcha: if the account model has a paid flag, and in the form that edits the paid account, the user unchecks the box, no paid parameter is sent. Thus, any hypostasis of mass appropriation, such as
@ invoice.update_attributes (PARAMS [: invoice])
will not update the flag.
To prevent this, the helper generates an auxiliary hidden field right up to the checkbox. A hidden field has the same name, and its attributes mimic an uncontrolled flag.
Thus, the client sends only a hidden field (if unchecked) or both fields. Since the HTML specification states that key / value pairs should be sent in the same order, they appear on the form, and retrieving the parameters gets the last occurrence of any re-key in the query string, which works for regular forms.
earnold
source share