An update to this post:
Here, I'm trying to figure out which is the better approach or best
practice to show only active category records from the category table.
Also, I want to prevent any SQL injection.
Do you think using the find_by_sql approach could protect the page from SQL
injection to view all categories?
Thanks,
radha
RailsFan Radha wrote:
>
>
> Colin Law wrote:
>> On 29 June 2010 03:19, RailsFan Radha <lists@ruby-forum.com> wrote:
>>>>
>>>>   def list
>>>
>>> def self.find_active_categories
>>>   find_by_sql("SELECT * from category
>>>           where status = 'A'
>>>           order by category_id ")
>>> end
>>
>> Don't use find_by_sql unless absolutely necessary. The above can be
>> done by using the :conditions and :order options in find. Also as I
>> suggested previously, I would use a named scope (with default_scope
>> for the order if you will always sort by the same thing).
>>
>>>
>>> And changed the controller, list action to call this new method.
>>>
>>>   def list
>>>     @categories=Category.find_active_categories
>>>   end
>>>
>>> And this seems to be working.
>>> Let me know if I have missed any or please add any additional info which
>>> this implies too.
>>
>> Do you always want to just show active categories on the index? If so
>> then that concept is ok (subject to comments above).
>>
>> Colin
>
>
>
> Thanks for your response Colin. (I have earlier posted a solution using
> find_by_sql for this problem)
>
>
> What is the best practice in this case? (Yes, I always want to show the
> active records only).
> Using find_by_sql or using a condition in the find :all? (I like SQLs,
> but as far as the performance goes which approach is better?)
>
>
> Can someone throw light in this please?
>
> - thanks
--
Posted via http://www.ruby-forum.com/.
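
As an added example (not part of the thread and not Rails' own code): the query posted above is a constant string, so the injection question only arises once a request value such as the status is placed into the SQL. The Ruby below contrasts interpolating that value with binding it; `quote`, `bind`, `interpolated_sql`, `bound_sql` and `string_literals` are hypothetical helpers, `quote`/`bind` are a simplified stand-in for ActiveRecord's array-form conditions, and the hostile input is constructed.

```ruby
# Added illustration, not code from the thread. `quote` and `bind` are a
# simplified stand-in (assumption) for what ActiveRecord does with:
#   Category.find(:all, :conditions => ["status = ?", status], :order => "category_id")
#   Category.find_by_sql(["SELECT * FROM category WHERE status = ? ORDER BY category_id", status])
# Real adapters also handle backslashes and encodings; use theirs, not this.

# Quote one Ruby value as a SQL literal.
def quote(value)
  case value
  when nil     then "NULL"
  when Integer then value.to_s
  when Array   then value.map { |v| quote(v) }.join(", ")
  else "'" + value.to_s.gsub("'", "''") + "'"
  end
end

# Replace each ? placeholder with the quoted form of the matching value.
def bind(sql, *values)
  expected = sql.count("?")
  unless expected == values.size
    raise ArgumentError, "#{expected} placeholders, #{values.size} values"
  end
  remaining = values.dup
  sql.gsub("?") { quote(remaining.shift) }
end

# Unsafe pattern: request input is interpolated into the SQL text.
def interpolated_sql(status)
  "SELECT * FROM category WHERE status = '#{status}' ORDER BY category_id"
end

# Safe pattern: the SQL text is constant, input travels as a bound value.
def bound_sql(status)
  bind("SELECT * FROM category WHERE status = ? ORDER BY category_id", status)
end

# List string literals in a statement ('' inside a literal is an escaped quote).
def string_literals(sql)
  sql.scan(/'(?:[^']|'')*'/)
end

if __FILE__ == $0
  hostile = "A' OR 'x'='x" # constructed sample input
  puts interpolated_sql(hostile) # input has become three literals plus an OR
  puts bound_sql(hostile)        # input stays one literal compared to status
end
```

With the bound form the whole input remains a single string literal, so it can only ever be compared against `status`; with interpolation the same input rewrites the WHERE clause.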