I've thrown together a quick down and dirty app to track some information on a temp basis. I know, don't store passwords in clear text. This is not public facing, it's on an internal box with extreme security; nobody's getting to it and the page isn't accessible but to only a a short list. Anyway... I'm trying to figure out why when I edit a record, the Update saves a records field, which hasn't been edited, as blank when it was read from the database with a value. In this case, I select a record from the index view. I edit that record, not touching the password field. I save the record. As you can see from the log, the field is blank.

Form code

    <%= form_for(@swiftpwd) do |f| %>
        <% if @swiftpwd.errors.any? %>
            <div id="error_explanation">
              <h2><%= pluralize(@swiftpwd.errors.count, "error") %> prohibited this swiftpwd from being saved:</h2>

              <ul>
              <% @swiftpwd.errors.full_messages.each do |msg| %>
                <li><%= msg %></li>
              <% end %>
              </ul>
            </div>
        <% end %>

        <div class="field">
            Customer Name<br />
            <%= f.text_field :customername %>
        </div>
        <div class="field">
            Email Address<br />
            <%= f.text_field :emailaddr %>
        </div>
        <div class="field">
            Password<br />
            <%= f.password_field :password %>
        </div>
        <div class="field">
            Phone Number<br />
            <%= f.text_field :phone %>
        </div>
        <div class="field"">
            Notes<br />
            <%= f.text_area(:notes, :size=>'50x10') %>
        </div>
        <div class="actions">
            <%= f.submit 'Submit' %>
        </div>
    <% end %>

Controller

PUT /swiftinfo/1
PUT /swiftinfo/1.json
def update
  @swiftinfo = Swiftinfo.find(params[:id])
  @swiftinfo.staffid = @staffid

  respond_to do |format|
    if @swiftinfo.update_attributes(params[:swiftinfo])
      format.html { redirect_to root_path, notice: 'Accounts was successfully updated.' }
      format.json { head :no_content }
    else
      format.html { render action: "edit" }
      format.json { render json: @swiftinfo.errors, status: :unprocessable_entity }
    end
  end
end

Log

Started PUT "/swiftinfo/10" for 192.168.207.200 at 2013-05-17 16:46:57 -0700
Processing by swiftinfoController#update as HTML
    Parameters: {"utf8"=>"✓", "authenticity_token"=>"tYo36rKCPtiplb+qLuF8QpcITXD/b0K869LNhakfOdg=", "swiftpwd"=>{"customername"=>"Customer name ", "emailaddr"=>"user@domain.net", "password"=>"[FILTERED]", "phone"=>"", "notes"=>"Note"}, "commit"=>"Submit", "id"=>"10"}
    Swiftinfo Load (0.1ms)  SELECT "swiftinfo".* FROM "swiftinfo" WHERE "swiftinfo"."id" = ? LIMIT 1  [["id", "10"]]
     (0.1ms)  begin transaction
     (0.3ms)  UPDATE "swiftinfo" SET "password" = '', "notes" = 'Note', "updated_at" = '2013-05-17 23:46:57.586414' WHERE "swiftinfo"."id" = 10
     (169.7ms)  commit transaction
Redirected to http://192.168.1.52:7779/
Completed 302 Found in 211ms (ActiveRecord: 170.2ms)

@anonymousxxx - Quick answer, yes, if it's been edited and blanked out. But that's the thing, the field is not blank when I edit, or shouldn't be. I mask the passwords from the users on the index.html.erb (I don't render the swiftinfo.password value but simply display "*****". To test, I show the password value (swiftinfo.password) <%= swiftinfo.password %> and indeed, there's a password. So when I edit that record (or a record), again, the password has a value. So, if I don't edit that field, but rather edit another field, or no field, the update should save the current values, edited or original, to the table.

UPDATE:

Ok, I've isolated the issue to this:

<%= f.password_field :password %> - Browser displays blank, record is saved with a blank value
%= f.text_field :password %>

Displays the password cleartext, but record saves the correct value (current or changed) to table.