Displaying 20 results from an estimated 8000 matches similar to: "sql injection"
2007 Dec 22
8
Rails 2.0 rescue_from
I am trying to use the new Rails 2.0 macro: rescue_from
class PostsController < ApplicationController
  rescue_from ActiveRecord::RecordNotFound, :with => :deny_access
  ...
  def show
    @post = Post.find_by_id(params[:id])
    raise ActiveRecord::RecordNotFound if @post.nil? # illegal access
    .....
  end
  def deny_access
    respond_to do |format|
      format.html
    end
  end
but the
2005 Dec 11
9
LIKE SQL queries in rails
I'm trying to do something like:
SELECT * FROM attachment WHERE filename LIKE '%whatever%';
so my code is:
@search = params[:search]
@attachments = Attachment.find(:all, :conditions => ["filename LIKE '%?%'", @search.to_s])
but that's converting to:
SELECT * FROM attachments WHERE (filename LIKE
2006 Mar 22
7
What is difference between render & redirect methods?
Hi,
These are two methods:
1) redirect_to :action => 'list'
2) render :action => 'list'
What is the difference between these two methods?
Thanks.
Prash
--
Posted via http://www.ruby-forum.com/.
2006 Apr 23
18
Applications used in the Rails video?
Hi all,
I just watched the Rails video:
http://www.rubyonrails.org/media/video/rails_take2_with_sound.mov
I am just curious. I can tell that the video was done on a Mac, but I
cannot tell which applications were used for editing the code, and for
interfacing with the MySQL database.
As far as editing source code, I normally use BBEdit (I've used it since
1994), but the editor used in
2006 Feb 11
5
after_(read|find) callback?
I am pondering the possibility of encrypting/decrypting some fields
in a SQLite backend on-the-fly.
The point of the message is not security, I know that's broken, but
whether there's a technique that provides on-the-fly save/read
filters. Of course the solution would need to work transparently in
joins, so
user.posts.last.title
would do the right thing if title
2006 Feb 04
22
What's the best way to embed a form?
I would like to embed my login form on my app's home page. What's the best way to render the login action of the member controller from another action?
Thanks
Frank
2006 Apr 20
21
Can someone please explain Lighttpd + Mongrel + Rails.
I know that Mongrel is a web server that hosts rails applications. But
I don't understand what part Lighttpd (or Apache) has in the setup. I
know that you can use Mongrel on its own. What does Lighttpd improve
on?
Thanks,
Chris
2006 Apr 15
8
Migrations - adding a new table and automatically creating records
I want to create a table called roles and then populate it with some new
records... This doesn't work. Is there something I'm missing?
Craig
class AddRightsAndRolesTables < ActiveRecord::Migration
  def self.up
    create_table :roles do |t|
      t.column "name", :string
    end
    Role.reset_column_information
    Role.new :name => "Users Admin"
2006 May 15
11
can you explain this benchmark?
I want to load about 14000 words (a subset of /usr/share/dict/words)
into a MySQL table in a migration:
class CreateWords < ActiveRecord::Migration
  def self.up
    create_table :words, :force => true do |t|
      t.column :word, :string
    end
    say_with_time 'loading words...' do
      words = File.join(RAILS_ROOT, 'db',
2006 Apr 07
22
Find WHERE in Rails
I'd like to find all records that have a certain integer as their
"level" field in the database. I know how to find all the records:
allquestions = Question.find(:all)
...and I know how to find the one record that has a certain id:
allquestions = Question.find(params[:id])
...but how do you find all the records that share a certain value in one
of their fields? I tried
2013 Apr 12
4
rails named scopes and sql injection
Hi guys,
I just came across an example in the code at the place I work for that said
something like this could be vulnerable to SQL injection attacks:
scope :with_name, lambda { |name| where("LOWER(name) LIKE ?", name.downcase) }
I wonder if this is true. My thought is that Rails should escape this and
that anything that tried to do something different would fail on the
translation
2006 Jul 17
18
Inserting datetime value into SQL Server
I have a SQL Server column named StartTime of (SQL Server) type datetime
If I attempt to set the attribute using
public
def StartTime=(time)
  write_attribute(:StartTime, "{ts '1899-12-30 #{time.hour}:#{time.min}:#{time.sec}'}")
end
it's inserting a NULL value.
Anyone else able to successfully insert a date time value into a SQL
Server table using
2006 May 24
7
migrations and SQLite
I read in the instructions of Tracks that "upgrading via the rake
migrate command is quite a bit more tricky currently with SQLite and
SQLite3". Is there any gotcha regarding migrations and SQLite3?
-- fxn
2006 Dec 07
17
compress and max upload size?
I am using mongrel_cluster with mod_proxy_balancer and would like to
enable compression (assuming it improves throughput) and limit file
upload size. I configured mod_deflate and LimitRequestSize in Apache,
but in my trials it looks like the proxied calls bypass those directives
(the conf goes below).
Is there a way to get this?
-- fxn
# Adapt this .example locally, as usual.
#
# To be
2006 Apr 29
7
catch "find" exception
Obviously, the following code is not working:
<p>
  <% if !@group.users.find(session[:user].id) %>
    <%= link_to "Join This Group", :action => "join", :id => @group %>
  <% end %>
</p>
"find" always throws an exception. I want to display the link if "find"
fails; what is the right way to do this?
Thanks.
2006 Feb 19
4
is "display" a reserved name of some sort?
A view display.rhtml sees no controller state variables set in the
corresponding display action. Why?
-- fxn
2006 Jul 17
5
quantic phenomena in migrations
I have an application with 15 migrations under version control. In a
Mac and in a Windows machine, a rake migrate from scratch runs them all
just fine. But on a different Windows machine rake migrate stops
after migration 3 for no apparent reason. --trace seems normal. No
error is reported. Both Windows are XP SP2. They all have the same
svn revision and Rails-related software, database is
2006 Apr 10
5
ActiveRecord: Behavior not documented
Hello everybody, doing a
#find(:first, an_id)
with Rails 1.1.0 I expected that find returns the record whose id matches the
given parameter an_id, or nil if it couldn't be found.
This behaviour is documented on api.rubyonrails.org.
But the find returns the first available object and not nil if an_id is not in
the db. Is the doc on rubyonrails.org out of sync?
Greetings,
--
Daniel
2006 Jun 01
5
History plugin
Hello,
I felt annoyed enough when having to redirect users back to their
previous location in a hackish way that I wrote this plugin.
It avoids storing POST and Ajax requests. It also has a facility to
specify actions not to store in the history.
If you are interested, it's here:
http://blog.cosinux.org/pages/rails-history
See you all,
Damien
--
Damien MERENNE
2007 Oct 15
6
SQL injection with :order, :limit, :group
I know how to avoid SQL injection attacks when you use :conditions
User.find :first, :conditions => ["login=?", params[:username]]
but how about with :order, :limit or :group?
# uh-oh...spaghetti-oh
User.find :first, :order => "login; delete from users; select * from users"
Pat