Displaying 20 results from an estimated 10000 matches similar to: "is Client.find(params[:id]) safe?"
2006 Jan 17
6
database.yml and remote mysql database
I can't seem to connect to a remote database. Here is what I've tried.
the database,username,password, and host have been changed to protect
the innocent.
development:
adapter: mysql
database: database
username: username
password: password
host: host
port: 3306
Here is the error
/usr/lib/ruby/1.8/yaml.rb:133:in `load': syntax error on line 11, col 2:
`
2006 Apr 08
4
rails won't cache my action
I've decided to dive into page caching for my rails app. I'm doing my
testing with WEBrick and it refuses to display the cached page for a
particular action. I've modified my paginator helper to put the page
parameter in the url so that the paginated page can be used with
caching. This works perfectly when the page parameter is in the url (ie
browse/2006/2 or
2006 Mar 20
16
Secret URLs and file downloads
I'm looking to do something similar to the "secret URLs" in Rails
Recipes, however, with file downloads. I want to avoid providing direct
URLs to people if possible.
I have files on disk in public/, so it would be good if each user got a
"unique" URL to each file that they are permitted to see (dealt with by
a user_id/file_id table). Then they are only allowed
2006 Nov 04
2
adding a method to an ActiveRecord Object
I've already pulled my object from the database. Now I want to add a
method. What I'm doing is adding the username to the activerecord object so
I'll have the name and user_id. How can I do this? The code below fails in
the view. It appears it's overwriting the rest of my object
def self.find_with_author(id)
@article = Article.find(id)
2006 May 23
2
additional fields in session DB table
I am using active record sessions and everything works fine. I am
integrating it with phpbb however so i need some extra fields populated in
the session table. In application.rb i put a before_filter to update the
session table
I have a model for the sessions
$ more app/models/session.rb
class Session < ActiveRecord::Base
set_primary_key "session_id"
set_table_name
2006 Apr 08
2
Is caching in rails broken or at least very flawed?
I was going to add caching to my applications, but everything that I've
found through google is about all of the problems everyone has had with
caching. Is it really as bad as I've read?
--
Posted via http://www.ruby-forum.com/.
2006 Jul 30
3
Accessing @org.id yields internal number, not record id
With apologies, I can't figure out the simplest thing: How to reference
a record id instead of the internal memory location of that value. I'm
new to Ruby but otherwise a veteran VB6/SQL programmer.
My code:
<snip>
sSQL = "SELECT id, org_name FROM organizations WHERE user_id =
'#{sUserId}' AND user_password =
2006 Apr 19
3
best way to check session for nil
Hello,
What is the best way in rails to check a session hash value for nil ? I
have a session hash called user (session[:user]) that sometimes I have to
check for a certain variable like session[:user].email. however the
following always results in an error
if session[:user].email
and I always have to do
if session[:user] and session[:user].email
Is there a cleaner way to do this then
2006 Jan 21
3
need some help designing my threaded messaging system
Hi,
I want to create a messaging system that recognizes threads of messages, not
unlike gmail.
So far I have these models:
Conversation
belongs_to :user
has_many :messages
Message
belongs_to :conversation
The problem I am running into is not only does a conversation belong to a
user but the conversation also has a recipient user with his/her
corresponding conversation. How would I
2006 May 26
8
calling render_to_string outside of controller
How can I call render_to_string outside of a controller. I'm stuck on
this. I've nearly got my plugin finished but I can't seem to get this
to work. The method is in ActionController::Base but it is protected.
2006 May 12
5
how long before deleting sessions ?
What is the recommended amount of time to keep sessions around in the
database (i store them in a sessions table). If you get 1 million requests
per day you are going to get 1 million new session entries in the DB. This
would need some serious cleaning so just wondering what a safe cleanup time
would be.
Also does anyone know how to prevent new sessions records from being created
if session
2006 Feb 24
6
Duplicate entry - how to check if an id exist before saving?
How do I check if an entry exists before saving?
Someone once told me to use the method find_or_create (or something like
that)
but it didn't work because I think the version of rails that we have is
not the most recent.
I need a way to check if an id exists in the db before saving. Any
suggestions?
Thank you
2009 Nov 09
3
How can I improve a Ruby on Rails code that has a lot of SQL as strings?
Hello Railists,
I have a piece of Ruby on Rails code that has a complex SQL query (well, not
that complex, but as far as I know beyond the ORM capabilities) and for my
taste it has too many strings and hardcoded values. I'd like to improve it as
much as possible, so my question is open ended, what else can I do to
improve it?
Some particular issues I have
- Is there a way to get a table
2006 May 26
11
Weird Caching Issue
Hey all,
Here's the issue... I'm not entirely sure it's even a Cache-related issue,
but here it goes:
I've deployed a Rails app onto a subdomain of my clients site... The server
is running Apache2, and I'm proxying through to Lighttpd. The issue I'm
having is that I'm able to add content to the site (data exists in the db),
but
2006 Mar 01
2
safe html links
Hi,
I'm working on a web app that allows users to submit links to external
sites. I'm curious if there are any special security considerations I
should take aside from escaping the user input with h( )? Is it safe to
directly link_to h(user_inputted_url), h(user_inputted_url) or could that be
exploited in a way that I'm not thinking of. Thanks.
2006 Jan 13
1
validating without saving
i am trying to validate without saving use the valid? method on my
object. however i keep getting the following error (that i reproduced
in console) "NoMethodError for field"
Any ideas ?
thanks
adam
Loading development environment.
>> p = Post.new
=> #<Post:0x407b6050 @attributes={"created_on"=>nil, "subcat"=>1,
"cat"=>nil,
2005 Dec 11
9
LIKE SQL queries in rails
I'm trying to do something like:
SELECT * FROM attachment WHERE filename LIKE '%whatever%';
so my code is:
@search = params[:search]
@attachments = Attachment.find(:all, :conditions => ["filename LIKE
'%?%'", @search.to_s])
but that's converting to:
SELECT * FROM attachments WHERE (filename LIKE
2005 Nov 22
11
Building a conditions clause (for find) of multiple optional params?
I want to be able to find items according to various params - category_id, member_id, type_id,
rating, etc. What I have now is something like:
if(@params['category_id'])
@items=Item.find(:all, :conditions=>["category_id=?", @params['category_id']])
elsif(@params['category_id'] and @params['member_id'])
2006 Apr 15
4
sql injection
Hi,
All through my current project, I've been assuming that rails is
clever enough to prevent SQL injections automatically. Is this right?
If not, what's the best way of doing it?
-Nathan
2006 Oct 23
3
passing parameter to action
i have a table of data in my application. i would like to be able to
sort the data in the table by clicking on the column header. the way
i was thinking i want to do this is just by making a 'sort' action,
and then calling the sort action from each link in the table header
(passing the respective column name). it doesn't seem to be possible
to pass parameters to an