On Sun, Apr 10, 2011 at 9:51 AM, Matt Jones <[email protected]> wrote:
> > > On Apr 9, 11:37 pm, David Kahn <[email protected]> wrote: > > Is there a different way to do such an eval? In actuality what I am doing > > with this phrase is to assign hash params to the attributes of a class: > > > > eval("background_process_status.#{key.to_s}='#{value}'") > > I'd *highly* recommend that you not do this. Using send is not only > more efficient, it's far safer - for instance, what happens if > somebody sends your code a value like > > '; `rm -rf *`;' > > This will be syntactically valid, and will make quite a mess... > Thanks all... yeah, I will use send, I forgot about that and you are right, it gets yucky very fast when things like single quotes and who knows what else get added. Also, on this answer: eval("assigned_string=#{name}") , no it does not work, this is what I had originally but if you output the internal string it looks like "assigned_string=david" which of course errors out unless what is in 'name' is a non string type. > > --Matt Jones > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/rubyonrails-talk?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
