On Apr 9, 2006, at 11:43 PM, sean colquhoun wrote:
Sorry guys - would it be possible to explain in a little more
depth? I’m not sure how to implement your recommendations.
I’ll give it a try. Hopefully others will chime in if I miss
something. 
For example, if I use
allquestions = Question.find_all_by_level(params[:level]),
Is “find_all_by_level” some kind of dynamic method that I would
need to change depending on the column name I use? i.e. if I want
to pull records out by “chapter”, do I have to change the method
call to “find_all_by_chapter”?
Yes, it’s a dynamic finder that allows you to specify one (or two)
columns in a Model, upon which you want to perform a find. It’s very
useful when the columns that you will be finding on don’t change,
since as you pointed out, if you wanted to find on chapters, you
would need to use a different dynamic finder.
The Rails API didn’t have anything on this. And, I’m still shaky as
to the difference between types of variables, for example
‘@variables’ vs. ‘:variables’? Do I have to set :level within the
controller or is that a value that I can pull out of my model?
Actually, I’m certain the Rails API, in the ActiveRecord::Base
section, covers dynamic finders quite thoroughly. I know because I’ve
read through that section, more than once. But I learned about
dynamic finders from the AWDwR book.
…and then if I use
allquestions = Question.find(:all,
  :conditions => ["level = ?", params[:level]])
Well, first of all, do I have to use this method with an array?
Do you have to? No. But if you are taking an item from the params
object, which is actually set by the browser request, and funneling
that directly into a find method, you become subject to a form of
security exploit known as SQL Injection. Using the above format to
build your find protects you from this exploit because it allows
Rails to properly escape/quote the value that you want to use in
your :conditions option.
All I want to do is set a level in my model and then have the
controller find all the records that are of that level. I can’t
think of any reason to pass this thing more than one value, but
I’m a total beginner too, so there might be one that I can’t think
of.
Technically, you’re not passing it more than one value, but using the
array form for :conditions is what you are supposed to do when you
are dealing with a value that you don’t have a way to implicitly
trust before you hand it off to Find for turning into an executable
SQL statement.
-Brian
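
An added illustration, not part of the original message and not ActiveRecord's own code: a simplified Ruby stand-in for the escape/quote step described above, comparing a request value interpolated into the SQL fragment with the same value passed through the array form of :conditions. The helper names and the sample params values are constructed for this example.

```ruby
# Simplified stand-in for the quoting Rails applies to the array form of
# :conditions. NOT ActiveRecord's code; all method names are hypothetical.

# Quote one value as a SQL literal: numbers pass through, anything else is
# wrapped in single quotes with embedded single quotes doubled.
def quote_value(value)
  case value
  when nil then "NULL"
  when Integer, Float then value.to_s
  else "'" + value.to_s.gsub("'", "''") + "'"
  end
end

# Replace each "?" in the template with the next quoted bind value.
def bind_conditions(conditions)
  template, *values = conditions
  expected = template.count("?")
  unless expected == values.size
    raise ArgumentError, "#{expected} placeholders, #{values.size} values"
  end
  remaining = values.dup
  template.gsub("?") { quote_value(remaining.shift) }
end

# Unsafe pattern: the request value is pasted straight into the fragment,
# so a quote character in it ends the literal and the rest becomes SQL.
def interpolated_conditions(level)
  "level = '#{level}'"
end

# Constructed sample request values (params arrive from the browser as strings).
BENIGN  = { level: "3" }
CRAFTED = { level: "3' OR '1'='1" }

if __FILE__ == $0
  [BENIGN, CRAFTED].each do |params|
    puts "interpolated: WHERE " + interpolated_conditions(params[:level])
    puts "array form:   WHERE " + bind_conditions(["level = ?", params[:level]])
  end
end
```

With the crafted value, the interpolated fragment gains an extra OR clause, while the array form keeps the whole input inside one string literal.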