Before we get into the anti-patterns of controllers, let's see how a controller allows us to pass different formats to views and the client-side of an application.
Go to the projects_controller.rb file, and go to the create method.
The respond_to block in this method formats both html and json, provided the previous line executes without any error.
If you look at the format.html call, you can see that there are two parameters. The first one redirects to the project variable while the second one displays a notice or message after the project is created. You can test it in your browser too. Go to localhost:3000/projects, click on the New Project link, enter the title and description and click the button called Create Project.
You can see the same message now displayed on the browser. You can change the text to say something like "Congratulations! The project was created." Now, if you go to the browser and create another project, you can see this content displayed for you.
So, this is how you can customize the messages sent to your html files.
You can do the same for the update function or for just about any other action in your application. Likewise, you can format your content for json too.
In the next line, you can see the else block. While the previous if block tells the application what to do when the project is successfully created, this block tells the application what to do when the project was not created for any reason. In this code, the application will render a new form template and no error messages, if the creation fails.
You can do the same in update and delete methods too, and check the results in your browser.
In the second part of this lesson, we are going to talk a little bit more about the private methods. If you notice, the set_project and project_params methods are private, which means it's best to access them within this class. While it's possible to access these methods outside of this class, it's not considered good programming practice.
Now, let's look a little closely at the project_params method.
Essentially, this method allows only certain parameters to pass through, to protect your application from malware, viruses and other security problems. In this case, this method permits you to pass only three parameters, namely, title, description and percent_complete in the same order. These are the same parameters that you can find in your schema.rb file.
To experiment a little bit, I'm going to remove the Description parameter. Now, if I go to the browser and create a new project with title and description, the description will not get passed through as you can see in the image below.
Though I entered content for description, it did not go to the database, so this field is empty.
So, this method protects your application and sends only those parameters that you white-listed in this method.
If you scroll up a little bit, you can see that this method is called in both the create and update methods. This project_params method can be particularly important during a database migration project where you need to add more fields.
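The allowlisting that project_params performs, sketched in plain Ruby as an added example (not the tutorial's code and not Rails' own implementation). The filter_params helper, the ParameterMissing class and the sample request are constructed for illustration; dropping unlisted keys is what stops a client from setting attributes the form never exposed (mass assignment).

```ruby
# Plain-Ruby model of params.require(:project).permit(...); not Rails' implementation.
require "date"

class ParameterMissing < StandardError; end

# Value types an allowlisted key may carry; hashes and arrays are rejected,
# mirroring how Rails' permit(:key) only accepts scalar values.
SCALARS = [String, Symbol, NilClass, Numeric, TrueClass, FalseClass, Date, Time].freeze

# Returns [permitted, rejected_keys] for the hash found under `root`.
def filter_params(raw, root, allowed)
  nested = raw[root.to_s]
  unless nested.is_a?(Hash) && !nested.empty?
    raise ParameterMissing, "param is missing or the value is empty: #{root}"
  end
  allowed = allowed.map(&:to_s)
  permitted = nested.select do |key, value|
    allowed.include?(key) && SCALARS.any? { |type| value.is_a?(type) }
  end
  [permitted, nested.keys - permitted.keys]
end

# The three attributes the lesson's project_params permits.
PROJECT_FIELDS = %i[title description percent_complete].freeze

# Constructed request body: the form fields plus two keys the form never sends.
SAMPLE = {
  "project" => {
    "title" => "Launch site",
    "description" => "Marketing pages",
    "percent_complete" => "40",
    "id" => "1",                            # unlisted key
    "created_at" => "2001-01-01 00:00:00"   # unlisted key
  }
}.freeze

if __FILE__ == $PROGRAM_NAME
  permitted, rejected = filter_params(SAMPLE, :project, PROJECT_FIELDS)
  puts "saved:   #{permitted.inspect}"
  puts "dropped: #{rejected.inspect}"
  # The lesson's experiment: take description off the list and it is dropped too.
  permitted, rejected = filter_params(SAMPLE, :project, %i[title percent_complete])
  puts "saved:   #{permitted.inspect}"
  puts "dropped: #{rejected.inspect}"
end
```

Logging the rejected keys in a real application is a cheap way to spot clients that submit fields the form does not contain.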