similar to: Rails Best Practices Page

Displaying 20 results from an estimated 2000 matches similar to: "Rails Best Practices Page"

2006 Jan 31
19
Best Practices: Escaping text on input or output?
In web applications that have user generated content, it is clearly necessary to provide some ability to 'escape' user generated text to avoid SQL injection, XSS, and other nasty attacks. The existing dogma on this point seems to favor escaping text as it comes out of the database, rather than doing it on the way in. I'm not sure that I understand the logic behind
2006 Jan 31
2
Need advice on RoR app design
Fellow Railers, Is there anything, anywhere, that I can read that discusses overall RoR app design? I have the Agile RoR book, which is great for learning the details of RoR, but unfortunately doesn't cover the overall issue of creating a large, complex RoR app. My staff and I are still in the process of getting up to speed on Ruby and RoR, but we also need to begin thinking about
2006 Jan 12
5
file_column preview in multistage forms
I have a 2 step form which contains 1 file_column field. The second form is just "This is how your post will look" kind of form and the user can click Edit (to take them back to form1) or Submit. If the user clicks edit it takes them back to the first form with fields populated. I have it working with all text fields, I just don't know how to do this with file_column field (showing the
2006 Jan 31
1
Inserting NULL values into PostgreSQL from Rails
I have several TIME columns in a PostgreSQL table that I am trying to store times of day in. These columns allow NULL values since there may be some records where there is no time to store. My problem is that Rails is inserting a default value into these fields (the result of calling Time.new) regardless of the value that is passed from a form. I am generating select tags with possible time
2006 Jan 30
1
auto_complete_with_index_for
I have a crude hack to allow auto_complete to work with indexed text fields. I needed it for a timecard entry form with an arbitrary number of records which can be added/changed/deleted willy-nilly by users. One of the fields is a perfect candidate for autocomplete since it references a database object with a large number of choices and long descriptions. Using a select list is extremely ugly in
2006 Jan 27
6
Scaffolding to use has_many and belongs_to ?
What does everyone on this list think about enhancing scaffolding somehow so that a "has_many" relationship will automatically drop the <select> box into the view to reference the "belongs_to" part of the view? I think scaffolding is great but I am always adding the <select> boxes to reference the parent association. Do you think this would be useful? just a
2006 Jan 04
6
ajax in rails is a security violation
Does anybody have any issues with the AJAX code inside rails? Whenever I use any sites I have built, or even external sites (such as basecamphq) my internal security device blocks access to the Ajax piece with a 400 Bad Request (I scoured the net for other ajax examples and no issues anywhere else). I think there is something in the AJAX code of rails that is not implemented correctly. Has
2006 Jan 07
4
set date with date_select
When retrieving a date from a DATETIME field in a database, is there a way to set the date to the value of the DB in the view? It seems to always default to the current date... if I have a field called birthdate in the users table and I do @user = User.find(@params[:id]) in my view I have a <%= date_select 'birthdate','user' %> but don't know how to
2006 May 29
14
Jabber Powered Rails Chatroom
For those who can't access IRC, or just looking for a quick browser based alternative, I started an open jabber powered webchat for rails. Hopefully this will be a nice alternative for people to go to ask questions, get some help, offer some help, etc. I hope the community enjoys it, just trying to give a little back for all the hard work. It can be accessed here http://jabber.dufftech.com
2006 Jan 30
4
How to encode URLs?
How does one encode URLs in ROR? Thanks Frank
2006 Jan 09
5
file_column content type
Is there a way using the file_column plugin to enforce a certain content type based on regex (i.e., /^image/) and/or filesize (150k)? thanks adam
2006 May 23
2
additional fields in session DB table
I am using active record sessions and everything works fine. I am integrating it with phpbb however so I need some extra fields populated in the session table. In application.rb I put a before_filter to update the session table. I have a model for the sessions $ more app/models/session.rb class Session < ActiveRecord::Base set_primary_key "session_id" set_table_name
2006 Feb 01
4
Locking out users from certain records/urls
I am using the standard login controller that ships with RoR to authenticate users in my application. In my app, Users belong to Clients, Clients have Projects that users are assigned to (stored in a stakeholder table with user_id and project_id columns) , then each project has a bunch of folders and assets (file uploads). So currently I have urls that look like /project/show/12 etc. I want
2006 Mar 09
4
cross domain cookies
Does anybody know how to access the domain of a cookie from inside rails? I am trying to integrate phpbb forums into my site and one of the things phpbb does is store a cookie. The forums are at forums.domain.com and the site is www.domain.com so I needed to set the cookie domain in phpbb to just be ".domain.com" so both sites can access it. The trouble is when using cookies[] in rails,
2006 Feb 14
5
integrating vbulletin
Has anyone successfully integrated (embedded) vbulletin into a rails app? I would be curious to see if/how this worked. RForum still seems quite beta so I am looking for something a little more tried and true. thanks adam
2006 Apr 19
3
best way to check session for nil
Hello, What is the best way in rails to check a session hash value for nil? I have a session hash called user (session[:user]) that sometimes I have to check for a certain variable like session[:user].email. However the following always results in an error: if session[:user].email and I always have to do: if session[:user] and session[:user].email Is there a cleaner way to do this than
2006 Jan 13
2
file_column in session
Is it possible to store a field of type file_column in the session? Rails crashes on me every time I try to do something like the following: @session[:newpost] = @params[:post] however if I assign each field of @params[:post] except for @params[:post]["image"] I have no problems. Is there something that should be done to allow the file in the session? thanks adam
2005 Dec 27
6
avoid multiple render per action
Hello, I have a hash that contains categories, and each category ID is a hash of subcategories. What I want to do is dynamically load that hash, loop thru it, for each category, subcat run a query against the DB, and render a partial. The issue is I put the render:partial in a for loop but you can only render once per action. What is the best way to loop thru all my categories without a
2006 Jan 30
10
form_remote_tag and redirects
I would like to have a login box setup so that if incorrect info is submitted, the box "shakes" via Effect.Shake. If the correct information is submitted, I want to redirect to some other page. The only solution I've found is the following, which is pretty ugly, as it displays the javascript I'm invoking on the page prior to the redirect. Here is the code: The Form
2006 May 12
5
how long before deleting sessions ?
What is the recommended amount of time to keep sessions around in the database (I store them in a sessions table). If you get 1 million requests per day you are going to get 1 million new session entries in the DB. This would need some serious cleaning so just wondering what a safe cleanup time would be. Also does anyone know how to prevent new session records from being created if session