On Fri, Jan 16, 2009 at 10:32 AM, naevity <[email protected]> wrote:
>
> Is this even possible? I've got a ruby expression stored in a
> database, it's the code to run a plugin since I was having trouble
> passing variables stored in the database.

In my opinion it would be better to solve the original problem you had with the plugin and passing variables than to use dynamically executed code as a workaround. From your snippets I'd guess the problem is you are trying to save/pass a string like "Gbarcode::BARCODE_128" into the plugin rather than the underlying value referred to by the constant Gbarcode::BARCODE_128. What did your original code look like?

> When I try to call the code, it either outputs it as text, or doesn't
> display it at all. It's supposed to generate an image and display it.
>
> right now the code is stored in the database as:
>
> <%= barcode TEST1234, :encoding_format => Gbarcode::BARCODE_128 %>

If you want to execute this as Ruby code, you need to remove the <%= %> bits (so you're on the right track with that).

> and in the View, I have this:
>
> <%= code.upc %> (where upc is the column name in the database)
>
> When I do this, nothing outputs in the view, but if I view the source,
> I can see the ruby expression.

<%=h code.upc %> will make it obvious why by preventing your view from accidentally rendering invalid HTML to the page.

> If I change the code stored in the database to this:
> barcode TEST1234, :encoding_format => Gbarcode::BARCODE_128
>
> This just displays the code on the webpage, which I would expect it
> to.
>
> am I doing something wrong or is this not possible?

It is possible.

    $ irb
    irb(main):001:0> exp = "puts 'foo'"
    => "puts 'foo'"
    irb(main):002:0> eval exp
    foo

So in a view:

    <%= eval code.upc %>

*DANGER DANGER DANGER* you are running with scissors here. If an attacker can get arbitrary code into your database, using eval like this will execute that code in the context of your application.

You may want to read up on Kernel#eval, Object#instance_eval, and the other forms of eval in Ruby, they're a lot of fun. But in this case, I think they may not be the best choice if you can avoid them.

-Michael

-- 
Michael C. Libby
www.mikelibby.com
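Added example (not part of the original message and not the plugin's own code): one way to follow the advice above is to store the barcode text and an encoding name as plain data and resolve the name through an allowlist instead of calling eval. StubGbarcode, its constant values, the "text" and "encoding" column names and the helper names are assumptions made for this sketch.

```ruby
# Stand-in for the Gbarcode module so the sketch runs without the gem.
# The numeric values are constructed for this example, not Gbarcode's real ones.
module StubGbarcode
  BARCODE_128 = 1
  BARCODE_39  = 2
end

# Allowlist: the only encoding names a database row may carry.
ALLOWED_ENCODINGS = {
  "BARCODE_128" => StubGbarcode::BARCODE_128,
  "BARCODE_39"  => StubGbarcode::BARCODE_39
}.freeze

# Barcode text is data, restricted to a conservative character set.
VALID_TEXT = /\A[A-Za-z0-9\-]{1,48}\z/

class InvalidBarcodeRow < StandardError; end

# Turns a stored row (hypothetical columns "text" and "encoding") into the
# arguments for the plugin helper. Nothing from the row is ever evaluated.
def barcode_args(row)
  text = row["text"].to_s
  raise InvalidBarcodeRow, "bad barcode text" unless text.match?(VALID_TEXT)
  encoding = ALLOWED_ENCODINGS.fetch(row["encoding"].to_s) do
    raise InvalidBarcodeRow, "unknown encoding #{row['encoding'].inspect}"
  end
  [text, { :encoding_format => encoding }]
end

# True when the row resolves cleanly, false when it is rejected.
def accepted?(row)
  barcode_args(row)
  true
rescue InvalidBarcodeRow
  false
end

# Constructed sample rows: one well-formed, one carrying Ruby code.
GOOD_ROW = { "text" => "TEST1234", "encoding" => "BARCODE_128" }
BAD_ROW  = { "text" => "TEST1234", "encoding" => "BARCODE_128; puts 'injected'" }

if __FILE__ == $0
  p barcode_args(GOOD_ROW)
  p accepted?(BAD_ROW)
end
```

In the view the result would be splatted into the helper from the thread, for example `<%= barcode(*barcode_args(row)) %>`, so a row containing code is rejected rather than executed.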

