On Monday, May 20, 2013 2:19:28 PM UTC+1, Ruby-Forum.com User wrote: > > Greg Willits wrote in post #1109539: > > Seems to me acts_as_list has a bug -- I have data where the row id is a > > random alphaNumeric, not a simple integer. Using acts_as_list with a > > scope of a related model id, acts_as_list crashes the app due to a > > faulty query in MySQL something like this: > > > > class LineItem < ActiveRecord::Base > > belongs_to :order > > acts_as_list :scope => :order_id > > end > > > > Unknown column 'UXPzIdeIuIFkz6n' in 'where clause': UPDATE `line_items` > > SET position = (position - 1) WHERE (order_id = UXPzIdeIuIFkz6n AND > > position > 5) > > > > I've been trying several ways to force substition to generate those > > needed quotes myself, but so far no luck. > > > > Anyone battle & solve this? Thx. > > For future reference this is one of those times that fighting Rails > conventions makes your life more difficult as a Rails developer. Rails > wants it simple incrementing integer primary keys. If you can > accommodate that wish then life for you as a developer gets simpler. If > you want a key that is non-numeric, create a separate column and put a > unique constraint on it, but let Rails have its standard simple integer > key for use in creating associations. > > This feels like it should work though - scope is not necessarily a foreign key column (it could easily be a status column for example (open/closed/etc)), so it should work with string valued columns. Also anything which allows an unquoted, user controllable string into an SQL query is a potential security problem
Fred > > -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/c4db151e-0b00-46db-a3a7-d4c451abf0e8%40googlegroups.com?hl=en-US. For more options, visit https://groups.google.com/groups/opt_out.
