GET params in ruby-on-rails project - best practices?
Posted
by Lynn C
on Stack Overflow
See other posts from Stack Overflow
or by Lynn C
Published on 2010-03-25T23:28:44Z
Indexed on
2010/03/25
23:33 UTC
Read the original article
Hit count: 382
I've inherited a little rails app and I need to extend it slightly. It's actually quite simple, but I want to make sure I'm doing it the right way...
If I visit myapp:3000/api/persons it gives me a full list of people in XML format. I want to pass param in the URL so that I can return users that match the login or the email e.g. yapp:3000/api/persons?login=jsmith would give me the person with the corresponding login. Here's the code:
def index
if params.size > 2 # We have 'action' & 'controller' by default
if params['login']
@person = [Person.find(:first, :conditions => { :login => params['login'] })]
elsif params['email']
@persons = [Person.find(:first, :conditions => { :email => params['email'] })]
end
else
@persons = Person.find(:all)
end
end
Two questions...
- Is it safe? Does ActiveRecord protect me from SQL injection attacks (notice I'm trusting the params that are coming in)?
- Is this the best way to do it, or is there some automagical rails feature I'm not familiar with?
© Stack Overflow or respective owner