Colin is right here, just use relationships.

However, as you are considering writing raw SQL, keep in mind the danger of SQL 
injection. Beyond the reason stated to keep your SQL database-independent 
(which is strange advice IMO since it is very rare to move between data stores 
on a large project, and even if you do it is pretty easy to re-write SQL), the 
most important thing here is that you don't introduce a security vulnerability for SQL 
injection. 

In your original example, Card.where(box_id: params[:box_id]) is actually safe, 
since where with a hash of parameters sanitizes the data. However, 
Card.where("box_id = #{params[:box_id]}") is NOT SAFE -- don't ever do that. 

Check out http://rails-sqli.org and take some time to learn how to run 
http://brakemanscanner.org against your code (it's very easy)

But actually Colin is right, you're over-engineering, just use relationships 
and don't worry about writing your own SQL. FWIW, I do sometimes write my own 
SQL, but only when I absolutely have to because ActiveRecord can't capture what 
I need to do in SQL (which is very, very rare)


-Jason


On Jun 15, 2014, at 4:37 AM, Colin Law <clan...@gmail.com> wrote:

> On 15 June 2014 09:29, Ronald Fischer <li...@ruby-forum.com> wrote:
>> My solution works, but I wonder if there is a better one.
>> 
>> I have a model (:cards), which has a foreign key :box_id. I am
>> interested in the id's of those cards which have a certain box_id.
>> Currently I assume that I can easily hold an array of all those :cards in
>> memory (i.e. no cursor needed).
> 
> Assuming that you have the relationships setup accordingly (so card
> belongs_to box and box has_many cards or something similar) then to
> get the cards belonging to a certain box you can just use
> @cards = @box.cards
> then to get the id of each box in just use box.id
> 
> If the above does not make sense then I suggest you work right through
> a good tutorial such as railstutorial.org, which is free to use
> online, which will show you the basics of Rails.
> 
> Colin
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Ruby on Rails: Talk" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to rubyonrails-talk+unsubscr...@googlegroups.com.
> To post to this group, send email to rubyonrails-talk@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/rubyonrails-talk/CAL%3D0gLtzUwcFhgeRgczSFyT21cnDXSSWfUStk5g4KjzoOYicSw%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.
> 
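
A minimal static check for the unsafe pattern described in the message above, added here as an example (it is not part of the original thread and is not how Brakeman works internally). It uses Ruby's standard-library Ripper parser to flag `where` calls whose first argument is an interpolated string; the helper names and the sample source are constructed for illustration.

```ruby
require "ripper"

# True for a string literal that contains #{...} or #@var interpolation.
def interpolated_string?(node)
  return false unless node.is_a?(Array) && node[0] == :string_literal
  node.flatten.any? { |x| x == :string_embexpr || x == :string_dvar }
end

# First positional argument, unwrapping the wrappers Ripper puts around args.
def first_argument(args)
  args = args[1] if args.is_a?(Array) && args[0] == :arg_paren
  args = args[1] if args.is_a?(Array) && args[0] == :args_add_block
  args.is_a?(Array) ? args[0] : nil
end

# Line numbers of where(...) calls whose first argument is an interpolated
# string. Hash conditions and "col = ?" placeholders are not reported.
def unsafe_where_lines(source)
  sexp = Ripper.sexp(source) or raise ArgumentError, "source does not parse"
  lines = []
  walk = lambda do |node|
    next unless node.is_a?(Array)
    ident, args =
      case node[0]
      when :method_add_arg then [node[1].is_a?(Array) ? node[1].last : nil, node[2]]
      when :command_call   then [node[3], node[4]] # receiver.where "..." (no parens)
      when :command        then [node[1], node[2]] # where "..." (no receiver)
      end
    if ident.is_a?(Array) && ident[0] == :@ident && ident[1] == "where" &&
       interpolated_string?(first_argument(args))
      lines << ident[2][0]
    end
    node.each(&walk)
  end
  walk.call(sexp)
  lines.sort
end

# Constructed sample input: four ways of filtering, two safe and two unsafe.
SAMPLE = <<~'RUBY'
  cards = Card.where(box_id: params[:box_id])
  cards = Card.where("box_id = ?", params[:box_id])
  cards = Card.where("box_id = #{params[:box_id]}")
  cards = @box.cards.where "name = '#{params[:name]}'"
RUBY

unsafe_where_lines(SAMPLE).each { |n| puts "line #{n}: interpolated string passed to where" }
```

The check only looks at the first argument of `where`, so interpolation inside a bound value or a hash condition is not reported.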
