Patrick Clas wrote:
[...]
> Any SQL database can do bulk updates, but mysql makes it easier by 
> allowing table joins during updates.  I suppose I could try to redesign 
> my statement, but I don't see the need since I own the server I'm 
> running on and mysql is always going to be there.  

That doesn't mean you're always going to be using MySQL (PostgreSQL is a 
much better DB, for example, and you may want to switch at some point). 
Don't lock yourself in unnecessarily.

> I guess I'm not a 
> rails purist so I don't have any strong objection to putting SQL in my 
> code.  

It has nothing to do with Rails purism.  Since Rails will abstract 
things for you, let it, and don't tie yourself to one database by 
writing SQL!  (Or if you must, make sure it's database-neutral SQL.)

> Here is the statement I now have in my code:
> 
> UPDATE users, game_collections SET users.points = users.points + 
> #{point_diff},
>     users.adjusted_points = users.points * 
> users.complete/(users.complete + users.incomplete) WHERE 
> game_collections.user_id = users.id AND game_collections.game_id = 
> #{game.id} AND game_collections.percentComplete = 100

Are point_diff and game.id coming from any sort of user input or form 
submissions?  If so, you've just left yourself wide open to SQL 
injection attacks.

In any case, I think you *really* want ar-extensions here.  Keep your 
app as DB-independent as possible.

Best,
--
Marnen Laibow-Koser
http://www.marnen.org
[email protected]
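
The injection concern raised in the reply above, as an added example that is not part of the original post or of any Rails code: it fills the quoted UPDATE statement once by raw interpolation and once after strict integer validation, using a constructed form value. The helper names (`interpolated_sql`, `strict_int`, `bound_sql`) and the sample input are assumptions made for illustration.

```ruby
# Stand-alone Ruby, no Rails or database required.
# Table and column names come from the statement quoted in the post.
TEMPLATE = "UPDATE users, game_collections " \
  "SET users.points = users.points + ?, " \
  "users.adjusted_points = users.points * users.complete/(users.complete + users.incomplete) " \
  "WHERE game_collections.user_id = users.id " \
  "AND game_collections.game_id = ? " \
  "AND game_collections.percentComplete = 100"

# Constructed sample of what a form field could carry instead of a game id.
CONSTRUCTED_INPUT = "42 OR 1=1"

# Equivalent of "#{point_diff}" / "#{game.id}": the raw text becomes SQL.
def interpolated_sql(point_diff, game_id)
  values = [point_diff, game_id].map(&:to_s)
  TEMPLATE.gsub("?") { values.shift }
end

# Hypothetical helper: accept base-10 integers only, reject everything else.
def strict_int(value)
  Integer(value.to_s, 10)
rescue ArgumentError
  raise ArgumentError, "not an integer: #{value.inspect}"
end

# Values are validated as data before they can reach the statement.
# The filled-in string is built here only so the result can be inspected;
# in an application the template and the values would be handed to the
# database layer separately as bind parameters.
def bound_sql(point_diff, game_id)
  values = [strict_int(point_diff), strict_int(game_id)]
  TEMPLATE.gsub("?") { values.shift.to_s }
end

if __FILE__ == $0
  puts "interpolated: #{interpolated_sql(5, CONSTRUCTED_INPUT)}"
  begin
    bound_sql(5, CONSTRUCTED_INPUT)
  rescue ArgumentError => e
    puts "validated:    rejected (#{e.message})"
  end
end
```

With the interpolated form, the constructed value changes the shape of the WHERE clause; with validation, the same value is rejected before any SQL is produced.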
