Re:

> What happens if one of the names contains unescaped SQL? What happens if the
> names array is empty? The former compromises your database, the latter causes
> an invalid statement exception to be raised. Both issues are averted by using
> one of two ActiveRecord query APIs:
>
>   User.find_all_by_login(names)
>   User.all(:conditions => ["login IN (?)", names])
>
I put that example out there as a real anti-pattern, it's completely non-intuitive that a ? can be replaced with an array. So many people fall for the .join hack. I appreciate that the internet is for copying so I amended my example so it's clean.

> Likewise for your "super_user_finder" method, it doesn't really illustrate
> what ARel provides (chaining & deferred querying).

I cleaned up the sample and made it more idiomatic.

> This is an equivalent implementation, which still needs a lot of improvements
> to be more in line with idiomatic Ruby/Rails:
>
>   def super_user_finder(options)
>     users = Table(:users)
>     reputation, logins = options[:min_reputation], options[:login_filter]
>     users = users.where(users[:min_reputation].gt(reputation)) if reputation
>     users.where(users[:login].matches(logins)) if logins
>   end
>

Actually an important trap to remember is:

ree> def test; 100 if true; 99 if false; end; test
=> nil

This one bit me quite a few times.

If you have any ideas on cleaning up any of the samples there I would really appreciate the feedback!

Thanks heaps!
Sam
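Added example, not part of the original thread or of ActiveRecord itself: a plain-Ruby sketch of why the `.join` approach and a bound `?` behave differently for hostile and empty arrays. The helpers `in_clause_by_join`, `quote`, `bind_in` and `structure`, the query text and the sample names are all constructed for illustration; the `.join` form is a reconstruction of the anti-pattern discussed above, since the original snippet is not shown in this message.

```ruby
# Added illustration in plain Ruby; no database or ActiveRecord required.
# All helpers and sample values below are constructed for this example.

TEMPLATE = "SELECT * FROM users WHERE login IN (?)"

# The ".join hack": each name is pasted into the SQL text without escaping.
def in_clause_by_join(names)
  "SELECT * FROM users WHERE login IN (#{names.map { |n| "'#{n}'" }.join(",")})"
end

# Quote one value as a standard SQL string literal (embedded ' doubled).
# Real adapters have their own quoting rules; in an application, let
# ActiveRecord do this through the bound "?" instead of hand-rolling it.
def quote(value)
  value.nil? ? "NULL" : "'#{value.to_s.gsub("'", "''")}'"
end

# Expand one "?" with an array: every element is quoted, and an empty
# array becomes NULL so the statement stays valid and matches no rows.
def bind_in(template, values)
  list = values.empty? ? quote(nil) : values.map { |v| quote(v) }.join(",")
  template.sub("?") { list }
end

# Replace every string literal with "?" to show what the database would
# parse as SQL structure rather than as data.
def structure(sql)
  sql.gsub(/'(?:[^']|'')*'/, "?")
end

HOSTILE = ["alice", "x') OR ('1'='1"] # constructed input

if __FILE__ == $PROGRAM_NAME
  puts structure(in_clause_by_join(HOSTILE)) # input became SQL structure
  puts structure(bind_in(TEMPLATE, HOSTILE)) # input stayed inside literals
  puts in_clause_by_join([])                 # "IN ()" is not valid SQL
  puts bind_in(TEMPLATE, [])                 # "IN (NULL)" is valid
end
```
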
