On 4:
http://api.rubyonrails.org/classes/ActiveRecord/Migration.html#label-Reversible+Migrations
Looks like you just define the up, AR takes care of the rest. Never
tried it, it'll save a few lines of code though.
On injection, AR sanitizes almost everything I believe. The only thing
I know to avoid is using a user set variable straight in a string:
"thing = #{@input.user_var}"
That's dangerous, you're supposed to do this:
"thing = ?", @input.user_var
Dave
On Mon, May 21, 2012 at 4:52 AM, Dave Everitt <[email protected]> wrote:
> Thanks Nokan, Dave, Philippe for your replies, it's good to get a measure of
> standard practice even for things as simple as this.
>
> There just remains no. 4 (from a question by Isak Andersson
> http://comments.gmane.org/gmane.comp.lang.ruby.camping.general/1751)
>
> for which I'd like an opinion, since I can't find a definitive answer from
> the AR docs... and can only find a reference to it on the Ember GitHub
> readme:
> https://github.com/EmberAds/acts_as_uuid
>
> or slide 21 of this AR intro:
> http://www.slideshare.net/blazingcloud/active-record-introduction-3
>
> since I've only ever used 'up' and 'down' (and don't use Rails) this isn't
> obvious to me :-)
>
> Finally, what's a good approach to security (SQL injection?) for a public
> app?
>
> DaveE
>
>
>>> 4.
>>> There's also this from a previous post (opinions please?):
>>>
>>> "On the part of migrations ... "def self.up" and "def self.down" ... gave
>>> me errors for some reason. But ... it should be updated to "def self.change"
>>> ... that's the modern way of doing it."
>>>
>>> DaveE
>
>
> _______________________________________________
> Camping-list mailing list
> [email protected]
> http://rubyforge.org/mailman/listinfo/camping-list
--
Dave
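
The difference between the two forms in the reply above, as an added example that is not part of the original message and is not ActiveRecord's own code. The `BindDemo` module is a hypothetical, simplified stand-in for `?` placeholder binding (in ActiveRecord the database adapter does the real quoting), and the input value is constructed.

```ruby
# Hypothetical stand-in for "?" placeholder binding. Not ActiveRecord code:
# the real quoting is done by ActiveRecord's database adapter.
module BindDemo
  # Quote one Ruby value as a SQL literal (embedded single quotes are doubled).
  def self.quote(value)
    case value
    when nil            then "NULL"
    when Integer, Float then value.to_s
    when true           then "TRUE"
    when false          then "FALSE"
    else "'" + value.to_s.gsub("'", "''") + "'"
    end
  end

  # Replace each ? in the template with a quoted value, in the spirit of the
  # ["thing = ?", value] condition form. Refuses a placeholder/value mismatch.
  def self.bind(template, *values)
    expected = template.count("?")
    unless expected == values.size
      raise ArgumentError, "expected #{expected} bind values, got #{values.size}"
    end
    remaining = values.dup
    template.gsub("?") { quote(remaining.shift) }
  end

  # Collapse every complete string literal to "?" so that only the statement's
  # structure (columns, operators, keywords) remains visible.
  def self.structure(sql)
    sql.gsub(/'(?:[^']|'')*'/, "?")
  end
end

user_var = "x' OR 'a'='a"   # constructed input containing single quotes

# Interpolation (quoted here so the statement is well formed for normal input):
# the quote inside the input ends the literal and the rest is parsed as SQL.
unsafe = "thing = '#{user_var}'"

# Placeholder form: the whole input stays inside one string literal.
safe = BindDemo.bind("thing = ?", user_var)

puts BindDemo.structure(unsafe)   # structure changed by the input
puts BindDemo.structure(safe)     # structure is still the template's
```
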