ActiveRecord can validates "select" querys?


#1

I have an application that makes a render inline, and another in XML
based on data from an URL.
I need to validate the data before passing it over to SQL, and I would
like to receive the errors in the returned array, or at least a
TRUE/FALSE. As there is no associated view file I don’t know how to…

Could someone help me out or orientate me in some way?

Regards and thanks,

Daniel.


#2

Can you give an example of what you mean by “validate the data before
passing it over to SQL”?

If it’s SQL injection you’re worried about, rails can help clean up
user input, but I’m not sure that’s where your heading with this…

On Feb 2, 11:18 am, Daniel López removed_email_address@domain.invalid


#3

Harold wrote:

Can you give an example of what you mean by “validate the data before
passing it over to SQL”?

If it’s SQL injection you’re worried about, rails can help clean up
user input, but I’m not sure that’s where your heading with this…

On Feb 2, 11:18�am, Daniel L�pez removed_email_address@domain.invalid

SQL Injection, mmm… yes, maybe, but I refer particularly to check if a
string is numeric, date type or too short for the database values (for
example).

Only if these requirements are OK, the select query is executed.
Otherwise, the application should return false or something.

Thanks in advance, Harold. :wink:


#4

Sounds like something you can do with ActiveRecord validations:

http://api.rubyonrails.org/classes/ActiveRecord/Validations/ClassMethods.html

for example:

validates_numericality_of :some_numer
validates_length_of :something_else, :in => 3…12

You can use validate_format_of :a_date (and specify a regex), or there’s
a
plugin that helps for this (i haven’t tried it:
http://railslodge.com/plugins/111-validates-date-time)

etc…

is that what you’re looking for?

On Mon, Feb 2, 2009 at 12:10 PM, Daniel López <


#5

In that case, I don’t know of a way to reuse an ActiveRecord validation
before running a find. You don’t even have a ActiveRecord object at that
point yet.

You might just have to write your custom validations before running the
find. Maybe someone else has a better option. Sorry :-o)

-H

On Mon, Feb 2, 2009 at 12:30 PM, Daniel López <


#6

Why do you need to validate on a find method?

There should never be an invalid record at the database, that’s why
there is no validation in a find and for the same reason there
shouldn’t be. If you think you really need it, maybe you haven’t
really figured out what your problem is.

Maurício Linhares
http://alinhavado.wordpress.com/ (pt-br) | http://blog.codevader.com/
(en)

On Mon, Feb 2, 2009 at 2:42 PM, Harold A. Giménez Ch.


#7

Harold A. Giménez Ch. wrote:

Sounds like something you can do with ActiveRecord validations:

http://api.rubyonrails.org/classes/ActiveRecord/Validations/ClassMethods.html

for example:

validates_numericality_of :some_numer
validates_length_of :something_else, :in => 3…12

You can use validate_format_of :a_date (and specify a regex), or there’s
a
plugin that helps for this (i haven’t tried it:
http://railslodge.com/plugins/111-validates-date-time)

etc…

is that what you’re looking for?

No… ActiveRecord validations only works if the SQL operation is an
insert or update (“create” and “update” methods, respectively), but I
also need it to select querys (“find” method). That’s the problem… :S

Thanks again! :wink:


#8

Completely agree with you, Mauricio.

The only reason I can see the need to validate before a find is if your
are
absolutely obsessed with performance and you don’t want to hit the DB if
you
know a priori that no record will be returned. This is definitely not a
normal case. If the query takes too long you might have to rethink your
schema, your query, or create proper indexes.

On Mon, Feb 2, 2009 at 12:44 PM, Maurício Linhares <


#9

The fact is that the project I’m developing is a database connection API
and, although is not essential, it would be nice that it could checks
the data integrity. The reason for do that is to improve the user (or
programmer :P) experience and prevent potential errors in the final
application, not the performance.

Anyway, I found a plugin that does what I want, but it has no associated
download :S. Here’s a brief description (in Spanish):

http://www.tabernadelturco.com/2006/05/03/validacion-de-datos-en-controladores-sin-modelo-asociado-con-ruby-on-rails/

Does anyone know where can I find it? This is the original link in
RubyForge:

http://rubyforge.org/projects/validator

Thanks again guys! :slight_smile: