Jordon,

On 2013-10-28 23:41, Jordon Bedwell wrote:
> Apparently my laptop's touchpad was on so let me reword it:
>
> In Ruby a blank string is not a null bit so if you set :default => ""
> it will allow blank strings, which is what you consider a null string
> even though there is no such thing.  Which means if you want :default
> => "" you need to have your model validate with :allow_blank => false,
> or you need to ALLOW_NULL 0 and remove the :default => "".
>
> The preferable solution from both a security and proper application
> standpoint is to tell both the model and the db that it doesn't want
> null or blank strings because it's faster to have the model do blank?
> than it is to hit the db and have it return an error and complete a
> cycle (short-circuiting is a good thing.)  The db protection is simply
> to protect yourself against manual entries and edge cases in the
> application.


Right - I should have realised that what I was looking at was the DB stuff - I have found:

.gem/ruby/bundler/gems/devise-4e2cdc2d5b81/lib/devise/models/validatable.rb

and it seems to have some stuff in it that is relevant - I will check that out.

Thanks,

Phil.
--
Philip Rhoades

GPO Box 3411
Sydney NSW      2001
Australia
E-mail:  [email protected].
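
The two layers discussed in the quoted message, as an added example that is not part of the original thread and is not Rails or Devise code. `FakeColumn`, `blank_value?`, `save_value` and `run` are hypothetical names, and the column is assumed to follow standard SQL `NOT NULL DEFAULT ''` behaviour.

```ruby
class NotNullViolation < StandardError; end

# Stand-in for a column declared NOT NULL DEFAULT '' (standard SQL semantics assumed).
class FakeColumn
  attr_reader :rows, :hits

  def initialize(default: "")
    @default = default
    @rows = []
    @hits = 0 # number of round trips to the "database"
  end

  # :omitted models an INSERT that does not name the column, so the default applies.
  def insert(value = :omitted)
    @hits += 1
    value = @default if value == :omitted
    raise NotNullViolation, "NULL in NOT NULL column" if value.nil?
    @rows << value
    value
  end
end

# Same rule as Rails' blank?: nil, "" and whitespace-only strings count as blank.
def blank_value?(value)
  value.nil? || value.to_s.strip.empty?
end

# Model-level save: validate first, touch the database only if validation passes.
def save_value(column, value, allow_blank:)
  return :rejected_by_model if !allow_blank && blank_value?(value)
  column.insert(value)
  :saved
rescue NotNullViolation
  :rejected_by_db
end

# Constructed inputs: nil, empty, whitespace-only, and one real value.
SAMPLES = [nil, "", "   ", "user@example.org"].freeze

def run(allow_blank:)
  column = FakeColumn.new
  results = SAMPLES.map { |v| save_value(column, v, allow_blank: allow_blank) }
  { results: results, stored: column.rows, db_hits: column.hits }
end

if __FILE__ == $PROGRAM_NAME
  p run(allow_blank: true)  # DB constraint alone: "" and "   " are stored
  p run(allow_blank: false) # model check first: only the real value reaches the DB
end
```

A direct `FakeColumn.new.insert` with no argument stores `""`, which is the manual-entry case where the `""` default lets a blank value past the NOT NULL constraint.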
