Hi,
  This is a piece of code found in a fictional Rails controller and
model.
  Please point out any bugs or security problems in the code, fix them,
and refactor the code to make it cleaner.

class ProfileController < ApplicationController
  def show
    @user = User.find(:first, :conditions => "name = '#{params[:name]}'")
    @roles = Role.find(:all, :conditions => "user_id = #{@user.id}")
  end
end

class User < ActiveRecord::Base
end

class Role < ActiveRecord::Base
end

Please help me out.

-- 
Posted via http://www.ruby-forum.com/.
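
An added example, not part of the original post: it builds the conditions string the way ProfileController#show does and compares it with the placeholder form (:conditions => ["name = ?", params[:name]]), showing when the input stays inside one SQL string literal. The helper names are hypothetical, the quoting routine is a simplified stand-in for ActiveRecord's own, and the sample inputs are constructed.

```ruby
# Added example, not the poster's code. Stdlib only; no Rails or database needed.

# The conditions string exactly as ProfileController#show builds it.
def interpolated_conditions(name)
  "name = '#{name}'"
end

# Simplified stand-in (assumption) for what ActiveRecord does with the
# array form ["name = ?", name]: quote each value, then substitute it.
def bound_conditions(template, *values)
  binds = values.dup
  template.gsub("?") do
    v = binds.shift
    v.is_a?(Numeric) ? v.to_s : "'" + v.to_s.gsub("'", "''") + "'"
  end
end

# Replace every complete SQL string literal ('' is an escaped quote) with the
# marker S, leaving only the statement's structure.
def structure(sql)
  sql.gsub(/'(?:[^']|'')*'/, "S")
end

# True when the user-supplied value stayed inside a single literal, i.e. the
# statement has the same shape it has for a harmless name.
def same_shape?(sql)
  structure(sql) == "name = S"
end

# Constructed inputs: an ordinary name, a name with an apostrophe, and a
# value that closes the literal early.
SAMPLES = ["alice", "O'Brien", "x' OR 'a' = 'a"]

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |name|
    unsafe = interpolated_conditions(name)
    safe   = bound_conditions("name = ?", name)
    puts "input:        #{name.inspect}"
    puts "interpolated: #{unsafe}  shape=#{structure(unsafe)}"
    puts "bound:        #{safe}  shape=#{structure(safe)}"
  end
end
```

With interpolation, a legitimate name such as O'Brien already produces a malformed statement, and the third input changes the WHERE clause itself; with the placeholder form all three keep the shape name = S.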
