On Feb 5, 11:11 am, Tom Ha <[email protected]> wrote: > Thanks. In this case, the "params[:id]" value is actually a > system-generated one - so there's no user input involved and therefore > it should be secure. > > Can you tell my how to get the syntax correct in the above example? > > ("params[:id]" could of course be replaced by any variable, such as > "@level") >
Ruby is great for calling methods that you don't know the name of ahead of time. Every object has a "send" method you can call to dynamically call methods: method_name = params[:id] # or whatever your case may be current_value = @user.send(method_name) # call the method Then you can do whatever you want with that value. Does this help? Jeff purpleworkshops.com switchingtorails.com > Thanks! > -- > Posted viahttp://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
