Re: [Rails] DB query: Finding only the id values

Wed, 18 Jun 2014 07:54:24 -0700 

In rails 3, I believe find_by(params[:box_id]) is insecure and creates a SQL 
injection attack vector. 

I think in Rails 4 that is fixed and is secure. 

Either way, why would you write such a complicated statement using map (this 
has go to be inefficient because you're creating a lot of objects then plucking 
their ids with map -- remember, object instantiation is expensive in active 
record)

did you try something like this?

box = Box.find(params[:box_id])
box.cards.each do |card|
        #... do something with each card
end





On Jun 16, 2014, at 12:40 AM, Ronald Fischer <[email protected]> wrote:

> Colin Law wrote in post #1149753:
>> On 15 June 2014 09:29, Ronald Fischer <[email protected]> wrote:
>> Assuming that you have the relationships setup accordingly (so card
>> belongs_to box and box has_many cards or something similar)
> 
> Actually I have both (belongs_to in :cards and has_many :cards in box); 
> would it be sufficient to have only one?
> 
>> then to
>> get the cards belonging to a certain box you can just use
>> @cards = @box.cards
>> then to get the id of each box in just use box.id
> 
> I see. Thus, applying your suggestion to my case, it would be:
> 
> Box.find_by(params[:box_id]).cards.map {|c| c.id }.each do |cid|
>  # .... Do something with cid
> end
> 
> But this solution still has the effect of having an array of all the 
> Cards, so I don't really see an improvement over my original solution. 
> Or did I miss something?
> 
> -- 
> Posted via http://www.ruby-forum.com/.
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Ruby on Rails: Talk" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to [email protected].
> To post to this group, send email to [email protected].
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/rubyonrails-talk/7f2deb03626cbae546b1506be1d41004%40ruby-forum.com.
> For more options, visit https://groups.google.com/d/optout.
> 

-- 
You received this message because you are subscribed to the Google Groups "Ruby 
on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/rubyonrails-talk/5DAFAC05-40B9-441A-A2ED-85D8599D82FE%40datatravels.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to