similar to: is Client.find(params[:id]) safe?

Displaying 20 results from an estimated 10000 matches similar to: "is Client.find(params[:id]) safe?"

2006 Jan 17
6
database.yml and remote mysql database
I can''t seem to connect to a remote database. Here is what I''ve tried. the database,username,password, and host have been changed to protect the innocent. development: adapter: mysql database: database username: username password: password host: host port: 3306 Here is the error /usr/lib/ruby/1.8/yaml.rb:133:in `load'': syntax error on line 11, col 2: `
2006 Apr 08
4
rails won't cache my action
I've decided to dive into page caching for my rails app. I'm doing my testing with webbrick and it refuses to display the cached page for a particular action. I've modified my paginator helper to put the page parameter in the url so that the paginated page can be used with caching. This works perfectly when the page parameter is in the url (ie browse/2006/2 or
2006 Mar 20
16
Secret URLs and file downloads
I'm looking to do something similar to the "secret URLs" in Rails Recipes, however, with file downloads. I want to avoid providing direct URLs to people if possible. I have files on disk in public/, so it would be good if each user got a "unique" URL to each file that they are permitted to see (dealt with by a user_id/file_id table). Then they are only allowed
2006 Nov 04
2
adding a method to an ActiveRecord Object
I've already pulled my object from the database. Now I want to add a method. What I'm doing is adding the username to the activerecord object so I'll have the name and user_id. How can I do this? The code below fails in the view. It appears it's overwriting the rest of my object def self.find_with_author(id) @article = Article.find(id)
2006 May 23
2
additional fields in session DB table
I am using active record sessions and everything works fine. I am integrating it with phpbb however so I need some extra fields populated in the session table. In application.rb I put a before_filter to update the session table. I have a model for the sessions $ more app/models/session.rb class Session < ActiveRecord::Base set_primary_key "session_id" set_table_name
2006 Apr 08
2
Is caching in rails broken or at least very flawed?
I was going to add caching to my applications, but everything that I've found through google is about all of the problems everyone has had with caching. Is it really as bad as I've read? -- Posted via http://www.ruby-forum.com/.
2006 Jul 30
3
Accessing @org.id yields internal number, not record id
With apologies, I can't figure out the simplest thing: How to reference a record id instead of the internal memory location of that value. I'm new to Ruby but otherwise a veteran VB6/SQL programmer. My code: <snip> sSQL = "SELECT id, org_name FROM organizations WHERE user_id = '#{sUserId}' AND user_password =
2006 Apr 19
3
best way to check session for nil
Hello, What is the best way in rails to check a session hash value for nil? I have a session hash called user (session[:user]) that sometimes I have to check for a certain variable like session[:user].email. However the following always results in an error if session[:user].email and I always have to do if session[:user] and session[:user].email Is there a cleaner way to do this than
2006 Jan 21
3
need some help designing my threaded messaging system
Hi, I want to create a messaging system that recognizes threads of messages, not unlike gmail. So far I have these models: Conversation belongs_to :user has_many :messages Message belongs_to :conversation The problem I am running into is not only does a conversation belong to a user but the conversation also has a recipient user with his/her corresponding conversation. How would I
2006 May 26
8
calling render_to_string outside of controller
How can I call render_to_string outside of a controller. I'm stuck on this. I've nearly got my plugin finished but I can't seem to get this to work. The method is in ActionController::Base but it is protected. -- Posted via http://www.ruby-forum.com/.
2006 May 12
5
how long before deleting sessions ?
What is the recommended amount of time to keep sessions around in the database (I store them in a sessions table)? If you get 1 million requests per day you are going to get 1 million new session entries in the DB. This would need some serious cleaning so just wondering what a safe cleanup time would be. Also does anyone know how to prevent new sessions records from being created if session
2006 Feb 24
6
Duplicate entry - how to check if an id exist before saving?
How do I check if an entry exists before saving? Someone told me to use the method find_or_create (or something like that) but it didn't work because I think the version of rails that we have is not the most recent. I need a way to check if an id exists in the db before saving. Any suggestions? Thank you -- Posted via http://www.ruby-forum.com/.
2009 Nov 09
3
How can I improve a Ruby on Rails code that has a lot of SQL as strings?
Hello Railists, I have a piece of Ruby on Rails code that has a complex SQL query (well, not that complex, but as far as I know beyond the ORM capabilities) and for my taste it has too many strings and hardcoded values. I'd like to improve it as much as possible, so my question is open ended, what else can I do to improve it? Some particular issues I have - Is there a way to get a table
2006 May 26
11
Weird Caching Issue
Hey all, Here's the issue... I'm not entirely sure it's even a Cache-related issue, but here it goes: I've deployed a Rails app onto a subdomain of my clients site... The server is running Apache2, and I'm proxying through to Lighttpd. The issue I'm having is that I'm able to add content to the site (data exists in the db), but
2006 Mar 01
2
safe html links
Hi, I'm working on a web app that allows users to submit links to external sites. I'm curious if there are any special security considerations I should take aside from escaping the user input with h( )? Is it safe to directly link_to h(user_inputted_url), h(user_inputted_url) or could that be exploited in a way that I'm not thinking of. Thanks.
2006 Jan 13
1
validating without saving
I am trying to validate without saving using the valid? method on my object. However I keep getting the following error (that I reproduced in console) "NoMethodError for field" Any ideas? thanks adam Loading development environment. >> p = Post.new => #<Post:0x407b6050 @attributes={"created_on"=>nil, "subcat"=>1, "cat"=>nil,
2005 Dec 11
9
LIKE SQL queries in rails
I'm trying to do something like: SELECT * FROM attachment WHERE filename LIKE '%whatever%'; so my code is: @search = params[:search] @attachments = Attachment.find(:all, :conditions => ["filename LIKE '%?%'", @search.to_s]) but that's converting to: SELECT * FROM attachments WHERE (filename LIKE
2005 Nov 22
11
Building a conditions clause (for find) of multiple optional params?
I want to be able to find items according to various params - category_id, member_id, type_id, rating, etc. What I have now is something like: if(@params['category_id']) @items=Item.find(:all, :conditions=>["category_id=?", @params['category_id']) elsif(@params['category_id'] and @params['member_id'])
2006 Apr 15
4
sql injection
Hi, All through my current project, I've been assuming that rails is clever enough to prevent SQL injections automatically. Is this right? If not, what's the best way of doing it? -Nathan
2006 Oct 23
3
passing parameter to action
I have a table of data in my application. I would like to be able to sort the data in the table by clicking on the column header. The way I was thinking I want to do this is just by making a 'sort' action, and then calling the sort action from each link in the table header (passing the respective column name). It doesn't seem to be possible to pass parameters to an