GET params in ruby-on-rails project - best practices?

Posted by Lynn C on Stack Overflow
Published on 2010-03-25T23:28:44Z Indexed on 2010/03/25 23:33 UTC

I've inherited a little rails app and I need to extend it slightly. It's actually quite simple, but I want to make sure I'm doing it the right way...

If I visit myapp:3000/api/persons it gives me a full list of people in XML format. I want to pass a param in the URL so that I can return users that match the login or the email, e.g. myapp:3000/api/persons?login=jsmith would give me the person with the corresponding login. Here's the code:

def index
  if params.size > 2 # We have 'action' & 'controller' by default
    if params['login']
      # Hash conditions: ActiveRecord binds the value, it is not interpolated into SQL
      @persons = [Person.find(:first, :conditions => { :login => params['login'] })]
    elsif params['email']
      @persons = [Person.find(:first, :conditions => { :email => params['email'] })]
    end
  else
    @persons = Person.find(:all)
  end
end

Two questions...

  1. Is it safe? Does ActiveRecord protect me from SQL injection attacks (notice I'm trusting the params that are coming in)?
  2. Is this the best way to do it, or is there some automagical rails feature I'm not familiar with?
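One way to structure the same lookup so that only known filter keys ever reach the database, written as an added example in plain Ruby (not the asker's code and not Rails itself; `ALLOWED_FILTERS`, `person_conditions`, `index_persons`, `find_people` and the `PEOPLE` rows are hypothetical names and constructed data). It goes a little beyond the question's `if/elsif` by allowing both `login` and `email` at once, and it replaces the `params.size > 2` count with an allowlist, since Rails adds keys such as `format` that would otherwise change the count. The conditions hash it returns is the shape ActiveRecord accepts (`:conditions => hash` in Rails 2, `Person.where(hash)` in Rails 3+), and a hash condition is sent to the database as a bound parameter rather than spliced into the SQL text.

```ruby
# Added example, not from the original question. Rails is not loaded here;
# an in-memory array stands in for the persons table.

# Only these query-string keys may become a WHERE condition. Anything else
# ("controller", "action", "format", or an unexpected key) is ignored rather
# than counted, so the brittle `params.size > 2` test is not needed.
ALLOWED_FILTERS = %w[login email].freeze

# Constructed sample rows standing in for the persons table.
PEOPLE = [
  { login: "jsmith",  email: "jsmith@example.com" },
  { login: "adoe",    email: "adoe@example.com" },
  { login: "o'brien", email: "obrien@example.com" },
].freeze

# Returns a Hash of column => value suitable for ActiveRecord hash conditions.
# Values are kept as plain strings: with hash conditions ActiveRecord binds
# them as parameters, so a quote inside a value is just data. An empty hash
# means "no filter".
def person_conditions(params)
  params.each_with_object({}) do |(key, value), conditions|
    key = key.to_s
    next unless ALLOWED_FILTERS.include?(key)
    next if value.nil? || value.to_s.strip.empty? # treat ?login= as no filter
    conditions[key.to_sym] = value.to_s
  end
end

# In-memory stand-in for Person.where(conditions): exact match on every
# condition, which is what ActiveRecord generates from a hash
# ("login" = ? AND "email" = ?).
def find_people(conditions)
  PEOPLE.select { |row| conditions.all? { |col, val| row[col] == val } }
end

# Mirrors the controller's index action: filter when a known key is present,
# otherwise return everyone.
def index_persons(params)
  conditions = person_conditions(params)
  conditions.empty? ? PEOPLE.dup : find_people(conditions)
end

if __FILE__ == $PROGRAM_NAME
  p index_persons({ "controller" => "api/persons", "action" => "index", "login" => "jsmith" })
  p index_persons({ "controller" => "api/persons", "action" => "index", "format" => "xml" }).size
end
```

Because a value with a quote in it is compared as data, `?login=o'brien` matches exactly that row and nothing else; the only way a caller can widen the result set is to omit the filter, which is the intended "list everyone" behaviour of the action.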
