Quick question, in a find statement, particularly the :conditions part.
If you see something like conditions => ["user = ?", user])
what would you be drawing the first "user" from and the second? I'm
taking this from the AWDWR book.
If user is a column / method in the model, do you just repeat it
twice, or would you say
user = ?, tom ? I'm confused.

TIA
Stuart

--
http://en.wikipedia.org/wiki/Dark_ambient

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk
-~----------~----~----~----~------~----~------~--~---

On 9/20/06, Dark Ambient <sambient-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> Quick question, in a find statement, particularly the :conditions part.
> If you see something like conditions => ["user = ?", user])
> what would you be drawing the first "user" from and the second? I'm
> taking this from the AWDWR book.
> If user is a column / method in the model, do you just repeat it
> twice, or would you say
> user = ?, tom ? I'm confused.

The user in the quoted string is part of the final SQL statement; the other user is accessing a variable. The array method being used here provides reasonable security against SQL injection attacks - if you said "user = #{user}", malicious users could potentially insert arbitrary code. The [] method automatically escapes SQL metacharacters, so it's safe.

Hope this helps!

--
Matt Jones
mdj.acme-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
President/Technical Director, Acme Art Company (acmeartco.org)

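Added example (not part of the thread, and not Rails source code): a simplified Ruby model of the substitution that the array form of :conditions performs, next to the interpolated form Matt warns about. The helper names quote, bind and interpolate and the sample values are assumptions made for illustration.

```ruby
# Simplified model of how an array condition such as ["user = ?", user] is
# expanded. Not Rails source: quote, bind and interpolate are hypothetical
# helper names chosen for this example.

# Quote one Ruby value as a SQL literal.
def quote(value)
  case value
  when nil         then "NULL"
  when Integer     then value.to_s
  when true, false then value ? "1" : "0"
  else
    # Escape backslashes first, then double single quotes, so the value
    # cannot terminate the string literal it is placed in.
    "'" + value.to_s.gsub("\\") { "\\\\" }.gsub("'") { "''" } + "'"
  end
end

# Replace each ? in the template with the matching quoted value.
def bind(conditions)
  template, *values = conditions
  expected = template.count("?")
  unless expected == values.size
    raise ArgumentError,
          "wrong number of bind variables (#{values.size} for #{expected})"
  end
  remaining = values.dup
  template.gsub("?") { quote(remaining.shift) }
end

# The form the thread warns about: the value becomes part of the SQL text.
def interpolate(user)
  "user = #{user}"
end

# Constructed sample values, not taken from the thread's application.
puts bind(["user = ?", "jack"])       # value arrives as a quoted literal
puts bind(["user = ?", "O'Brien"])    # embedded quote is doubled
puts bind(["user = ?", "0 OR 1=1"])   # still a single string literal
puts interpolate("0 OR 1=1")          # value changes the WHERE clause
puts bind(["user_id = ?", 11])        # integers are emitted unquoted
```

In the bound form the value always stays a single literal; in the interpolated form the same input is parsed as SQL.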
On 9/20/06, Matt Jones <mdj.acme-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> On 9/20/06, Dark Ambient <sambient-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> >
> > Quick question, in a find statement, particularly the :conditions part.
> > If you see something like conditions => ["user = ?", user])
> > what would you be drawing the first "user" from and the second? I'm
> > taking this from the AWDWR book.
> > If user is a column / method in the model, do you just repeat it
> > twice, or would you say
> > user = ?, tom ? I'm confused.
>
> The user in the quoted string is part of the final SQL statement; the other
> user is accessing a variable. The array method being used here provides
> reasonable security against SQL injection attacks - if you said
> "user = #{user}", malicious users could potentially insert arbitrary code.
> The [] method automatically escapes SQL metacharacters, so it's safe.
> Hope this helps!
> --
> Matt Jones

Let me make sure I got this right -
if the column name was user and then I did
user = "jack"
:conditions => ["user ?" <- this is the column, user <- this is jack] ?

Stuart

--
http://en.wikipedia.org/wiki/Dark_ambient

Dark Ambient wrote:
> Let me make sure I got this right -
> if the column name was user and then I did
> user = "jack"
> :conditions => ["user ?" <- this is the column, user <- this is jack] ?
>
> Stuart
>

Yes. Be sure to check your development log, since it will show the full SQL query that was actually run and can give great insight into how what you're passing in your find translates into the final query. I recommend running a tail -f on the log in one window and experimenting with different commands in script/console in another window side-by-side for this purpose. Very educational.

On 9/20/06, Jon Garvin <jgarvin.lists-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> Dark Ambient wrote:
> > Let me make sure I got this right -
> > if the column name was user and then I did
> > user = "jack"
> > :conditions => ["user ?" <- this is the column, user <- this is jack] ?
> >
> > Stuart
> >
>
> Yes. Be sure to check your development log, since it will show the
> full SQL query that was actually run and can give great insight into how
> what you're passing in your find translates into the final query. I
> recommend running a tail -f on the log in one window and experimenting
> with different commands in script/console in another window side-by-side
> for this purpose. Very educational.
>

Thank you Jon, excellent recommendation - didn't know about that fact.

Stuart

--
http://en.wikipedia.org/wiki/Dark_ambient

On 9/20/06, Dark Ambient <sambient-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> On 9/20/06, Jon Garvin <jgarvin.lists-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> >
> > Dark Ambient wrote:
> > > Let me make sure I got this right -
> > > if the column name was user and then I did
> > > user = "jack"
> > > :conditions => ["user ?" <- this is the column, user <- this is jack] ?
> > >
> > > Stuart
> > >
> >
> > Yes. Be sure to check your development log, since it will show the
> > full SQL query that was actually run and can give great insight into how
> > what you're passing in your find translates into the final query. I
> > recommend running a tail -f on the log in one window and experimenting
> > with different commands in script/console in another window side-by-side
> > for this purpose. Very educational.
> >

Actually, I'm totally confused about what I'm seeing in the log. It looks like there are multiple queries going on. The one that stands out is the 2nd one, but I'm putting the find on the cdetails table not the users.

user = 11
@cdetails = Cdetail.find(:all, :conditions => ["user_id = ?", user])

Parameters: {"action"=>"index", "controller"=>"cdetails"}
User Columns (0.000000) SHOW FIELDS FROM users
User Load (0.000000) SELECT * FROM users WHERE (users.`id` = 11 ) LIMIT 1
Cdetail Columns (0.000000) SHOW FIELDS FROM cdetails
SQL (0.000000) SELECT count(*) AS count_all FROM cdetails
Cdetail Load (0.000000) SELECT * FROM cdetails ORDER BY id LIMIT 0, 5

The

Parameters: {"action"=>"index", "controller"=>"cdetails"}

part suggests to me you did something from the browser window, not the console. When you load a page in your rails app in a browser rails is going to make LOTS of SQL queries. Your syntax looks correct though. Assuming that all the model relationships and tables are set up correctly, from this...

@cdetails = Cdetail.find(:all, :conditions => ["user_id = ?", user])

I would expect to see something like...

SELECT * FROM cdetails WHERE user_id = 11

In the log, which I assume is what you're going for.

Dark Ambient wrote:
> Actually, I'm totally confused about what I'm seeing in the log. It
> looks like there are multiple queries going on. The one that stands
> out is the 2nd one, but I'm putting the find on the cdetails table
> not the users.
>
> user = 11
> @cdetails = Cdetail.find(:all, :conditions => ["user_id = ?", user])
>
> Parameters: {"action"=>"index", "controller"=>"cdetails"}
> User Columns (0.000000) SHOW FIELDS FROM users
> User Load (0.000000) SELECT * FROM users WHERE (users.`id` = 11 ) LIMIT 1
> Cdetail Columns (0.000000) SHOW FIELDS FROM cdetails
> SQL (0.000000) SELECT count(*) AS count_all FROM cdetails
> Cdetail Load (0.000000) SELECT * FROM cdetails ORDER BY id LIMIT 0, 5
>

> >
> > user = 11
> > @cdetails = Cdetail.find(:all, :conditions => ["user_id = ?", user])

If you just did that from the console, Rails would run just the one query on the Cdetails table. If you're running it from the browser, there is probably some code referencing the user object (not just code that says user = 1) in there that you're missing.

On 9/20/06, Jon Garvin <jgarvin.lists-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> The
>
> Parameters: {"action"=>"index", "controller"=>"cdetails"}
>
> part suggests to me you did something from the browser window, not the
> console. When you load a page in your rails app in a browser rails is
> going to make LOTS of SQL queries. Your syntax looks correct though.
> Assuming that all the model relationships and tables are set up
> correctly, from this...
>
> @cdetails = Cdetail.find(:all, :conditions => ["user_id = ?", user])
>
> I would expect to see something like...
>
> SELECT * FROM cdetails WHERE user_id = 11
>
>
> In the log, which I assume is what you're going for.
>

Yep, works correctly in console. I guess something maybe is interfering in the console.

Stuart