Hi Srimanta,
Assigning values directly to the DB columns from the UI can cause SQL
injection. To avoid this, I would write this as:

    @user = User.find(:first, :conditions => ["name = ?", params[:name]])

I think your association between User and Role is as follows:
User has many roles
Role has many users
For this you may be using the model association as:

    class User < ActiveRecord::Base
      has_many :users_roles
      has_many :roles, :through => :users_roles
    end

    class Role < ActiveRecord::Base
      has_many :users_roles
      has_many :users, :through => :users_roles
    end

From this, the ProfileController can be written as:

    class ProfileController < ApplicationController
      def show
        # The "?" placeholder makes params[:name] a quoted value, not SQL text.
        @user = User.find(:first, :conditions => ["name = ?", params[:name]])
        # find(:first) returns nil when no row matches, so guard the lookup.
        @roles = @user ? @user.roles : []
      end
    end
Thanks,
Neethu
--
Posted via http://www.ruby-forum.com/.
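
Added example, not part of Neethu's post and not Rails' own code: a standard-library-only Ruby sketch of why the `["name = ?", params[:name]]` form keeps user input inside one SQL string literal while string interpolation does not. The helpers `quote`, `bind_conditions`, `interpolated_conditions` and `single_literal?` are hypothetical names, the quoting is a simplified stand-in for what the database adapter does, and the sample inputs are constructed.

```ruby
# Added example; all helper names and sample inputs are constructed.
# Simplified stand-in for the quoting applied to "?" placeholders.

# Quote a value as a SQL string literal by doubling embedded single quotes.
def quote(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

# Expand conditions of the form ["name = ?", value], quoting each bound value.
def bind_conditions(conditions)
  template, *values = conditions
  expected = template.count("?")
  unless expected == values.size
    raise ArgumentError,
          "wrong number of bind variables (#{values.size} for #{expected})"
  end
  remaining = values.dup
  # gsub with a block does not rescan replacements, so a "?" inside a
  # bound value is never treated as another placeholder.
  template.gsub("?") { quote(remaining.shift) }
end

# Unsafe form the post warns about: the parameter becomes part of the SQL text.
def interpolated_conditions(name)
  "name = '#{name}'"
end

# True when the fragment is exactly: name = '<one well-formed string literal>'.
def single_literal?(sql)
  !!(sql =~ /\Aname = '(?:[^']|'')*'\z/)
end

# Constructed inputs: an ordinary name with an apostrophe, and a value that
# tries to close the literal early.
["O'Brien", "x' OR '1'='1"].each do |input|
  bound = bind_conditions(["name = ?", input])
  raw   = interpolated_conditions(input)
  puts "input:        #{input}"
  puts "bound:        #{bound}  single literal? #{single_literal?(bound)}"
  puts "interpolated: #{raw}  single literal? #{single_literal?(raw)}"
end
```
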