Hi,
This is a piece of code found in a fictional Rails controller and
model.
Please point out any bugs or security problems in the code, fix them,
and refactor the code to make it cleaner.
class ProfileController < ApplicationController
  def show
    # Both conditions are built by string interpolation of request input.
    @user = User.find(:first, :conditions => "name = '#{params[:name]}'")
    @roles = Role.find(:all, :conditions => "user_id = #{@user.id}")
  end
end

class User < ActiveRecord::Base
end

class Role < ActiveRecord::Base
end
Please help me out.
--
Posted via http://www.ruby-forum.com/.
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
Hi Srimanta,
Assigning values directly to the DB columns from the UI can cause SQL
injection. To avoid this, I would write this as:
@user = User.find(:first, :conditions => ["name = ?", params[:name]])
I think your association between User and Role is as follows:
User has many roles
Role has many users
For this you may be using the model association as:
class User < ActiveRecord::Base
  # :through needs a UsersRole join model with user_id and role_id columns
  has_many :users_roles
  has_many :roles, :through => :users_roles
end

class Role < ActiveRecord::Base
  has_many :users_roles
  has_many :users, :through => :users_roles
end
From this, the ProfileController can be written as:
class ProfileController < ApplicationController
  def show
    # bound parameter: params[:name] is quoted by the adapter, not interpolated
    @user = User.find(:first, :conditions => ["name = ?", params[:name]])
    @roles = @user.roles
  end
end
Thanks,
Neethu
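The difference Neethu points to, as an added example that is not code from this thread or from Rails itself: the interpolated form from the original controller next to a placeholder-binding builder written in the spirit of ActiveRecord's sanitize_sql_array, plus a small literal tokenizer that shows why the bound form is safe. The names build_interpolated, build_bound, quote_literal and sql_string_literals and the attacker payload are this example's own; the quoting rule (single quotes doubled) is the standard SQL one and is an assumption about the adapter, since MySQL's adapter escapes with backslashes instead.

```ruby
# Added example, not code from the thread. Models the two ways of building
# :conditions without needing ActiveRecord or a database.

# Vulnerable form: the request parameter is pasted straight into the SQL
# string, exactly as in the original ProfileController#show.
def build_interpolated(name)
  "name = '#{name}'"
end

# Quote one Ruby value as a SQL literal. Strings have embedded single quotes
# doubled (standard SQL; assumes a SQLite/PostgreSQL-style adapter), nil
# becomes NULL, integers are emitted bare.
def quote_literal(value)
  case value
  when nil     then "NULL"
  when Integer then value.to_s
  else              "'" + value.to_s.gsub("'", "''") + "'"
  end
end

# Parameterised form in the spirit of ActiveRecord's sanitize_sql_array:
# every "?" in the template is replaced by the next bound value, quoted.
# Refuses templates whose placeholder count does not match the bind list.
def build_bound(template, *values)
  unless template.count("?") == values.size
    raise ArgumentError, "expected #{template.count('?')} bind values, got #{values.size}"
  end
  i = -1
  template.gsub("?") { quote_literal(values[i += 1]) }
end

# Pull out the single-quoted string literals of a SQL fragment the way a SQL
# tokenizer would, honouring the doubled-quote escape, and return their
# decoded values. The count is the whole story: the injected clause splits
# into three literals with a bare OR between them, the bound one stays one.
def sql_string_literals(sql)
  sql.scan(/'((?:[^']|'')*)'/).flatten.map { |body| body.gsub("''", "'") }
end

# Constructed attacker input: closes the literal and appends a tautology.
PAYLOAD = "' OR '1'='1"

if __FILE__ == $0
  unsafe = build_interpolated(PAYLOAD)
  safe   = build_bound("name = ?", PAYLOAD)
  puts "interpolated: #{unsafe}  (#{sql_string_literals(unsafe).size} literals)"
  puts "bound:        #{safe}  (#{sql_string_literals(safe).size} literal)"
  puts "integer bind: #{build_bound('user_id = ?', 42)}"
end
```

Run it and compare the two WHERE clauses: the interpolated one reads `name = '' OR '1'='1'` and matches every row, the bound one is a single literal containing the attacker's quotes and matches nothing. The same builder handles the second query in the original controller, since `build_bound("user_id = ?", @user.id)` emits the integer bare and nil as NULL rather than the empty string a bare interpolation would produce.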
On 3 February 2012 07:07, Srimanta Chakraborty <lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:
> This is a piece of code found in a fictional Rails controller and
> model.
> Please point out any bugs or security problems in the code, fix them,
> and refactor the code to make it cleaner.
Sure... how much are you offering to pay for people to do your fictional homework for you? :rollseyes: ;-)
Thanks a lot.
Srimanta Chakraborty wrote in post #1043866:
> Thanks a lot to Neethu Satheesh.
> Can you help me once again to answer the following:
> What problems can arise when users hit the get_pdf action?
> If there are problems, how can it be solved?
>
> class PdfController < ApplicationController
>   def get_pdf
>     send_data Pdf.create(params[:contents])
>   end
> end
>
> class Pdf
>   def self.create(contents)
>     make_pdf(contents) # takes 30 seconds to run
>   end
> end
Thanks Neethu Satheesh, no need to answer the above question; I have solved that problem.