David Kahn wrote: > You are ok if you are eval'ing on something which is not user provided. > The > risk is if you are eval'ing something which is user input, which then > would > subject you to risk. Below I am assuming your arg is a field name which > is > something passed by your own code.
However, eval is virtually never necessary in Ruby. 99% of the time (as in the OP's case), you actually wanted send. I'll post an example later if it would be helpful. > > David Best, -- Marnen Laibow-Koser http://www.marnen.org [email protected] -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
