On 4: http://api.rubyonrails.org/classes/ActiveRecord/Migration.html#label-Reversible+Migrations
Looks like you just define the up, AR takes care of the rest. Never tried it, it'll save a few lines of code though.

On injection, AR sanitizes almost everything I believe. The only thing I know to avoid is using a user-set variable straight in a string:

"thing = #{@input.user_var}"

That's dangerous, you're supposed to do this:

"thing = ?", @input.user_var

Dave

On Mon, May 21, 2012 at 4:52 AM, Dave Everitt <dever...@innotts.co.uk> wrote:
> Thanks Nokan, Dave, Philippe for your replies, it's good to get a measure of
> standard practice even for things as simple as this.
>
> There just remains no. 4 (from a question by Isak Andersson
> http://comments.gmane.org/gmane.comp.lang.ruby.camping.general/1751)
>
> for which I'd like an opinion, since I can't find a definitive answer from
> the AR docs... and can only find a reference to it on the Ember GitHub
> readme:
> https://github.com/EmberAds/acts_as_uuid
>
> or slide 21 of this AR intro:
> http://www.slideshare.net/blazingcloud/active-record-introduction-3
>
> since I've only ever used 'up' and 'down' (and don't use Rails) this isn't
> obvious to me :-)
>
> Finally, what's a good approach to security (SQL injection?) for a public
> app?
>
> DaveE
>
>
>>> 4.
>>> There's also this from a previous post (opinions please?):
>>>
>>> "On the part of migrations ... "def self.up" and "def self.down" ... gave
>>> me errors for some reason. But ... it should be updated to "def self.change"
>>> ... that's the modern way of doing it."
>>>
>>> DaveE
>
>
> _______________________________________________
> Camping-list mailing list
> Camping-list@rubyforge.org
> http://rubyforge.org/mailman/listinfo/camping-list

--
Dave
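
The difference between the two forms in the message above, as an added example that is not part of the original thread and is not ActiveRecord's own code. The helpers `quote`, `bind`, `interpolated_sql` and `bound_sql`, the `things` table and the input value are assumptions made for illustration; `bind` is a simplified stand-in for the quoting ActiveRecord applies to `?` placeholders.

```ruby
# Simplified stand-in for placeholder quoting (hypothetical helpers, not
# ActiveRecord code). Real adapters apply database-specific escaping.

# Turn a Ruby value into a SQL literal; embedded single quotes are doubled.
def quote(value)
  case value
  when nil            then "NULL"
  when Integer, Float then value.to_s
  else "'" + value.to_s.gsub("'", "''") + "'"
  end
end

# Replace each "?" in the template with the quoted form of the next value.
def bind(template, *values)
  expected = template.count("?")
  unless expected == values.length
    raise ArgumentError, "wrong number of bind values (#{values.length} for #{expected})"
  end
  remaining = values.dup
  # gsub scans only the original template, so a "?" inside a value is not re-bound.
  template.gsub("?") { quote(remaining.shift) }
end

# Dangerous form: the user value becomes part of the SQL text itself.
def interpolated_sql(user_var)
  "SELECT * FROM things WHERE thing = '#{user_var}'"
end

# Placeholder form: the user value is only ever a quoted literal.
def bound_sql(user_var)
  bind("SELECT * FROM things WHERE thing = ?", user_var)
end

# Constructed input containing a single quote.
input = "x' OR '1'='1"

puts interpolated_sql(input)  # WHERE clause gains an extra OR condition
puts bound_sql(input)         # WHERE clause compares against one string literal
```

In the interpolated query the quote in the input closes the string literal, so the rest of the input is parsed as SQL; in the bound query the same input stays inside one literal.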