Is there any better way to do this?


#1

# order can be "date" or "score" or "user"

@order = "date" # default
@order = session[:order] if session[:order]
@order = params[:order] if params[:order]

orderby = "updated_on DESC" # default
orderby = "score DESC" if @order == "score"
orderby = "user" if @order == "user"

session[:order] = @order

@results = Stats.find(:all, :order => orderby, :conditions…


#2

session[:order] = @order

@results = Stats.find(:all, :order => orderby, :conditions…

@order = params[:order] || session[:order] || 'date'
orderby = case @order
when 'user' then 'user'
when 'score' then 'score DESC'
else 'updated_on DESC'
end

my $0.02
Jan


#3

James B. wrote:

# order can be "date" or "score" or "user"

Don’t use @ unless you are really passing a variable to other methods in
this class.

@order = "date" # default
@order = session[:order] if session[:order]
@order = params[:order] if params[:order]

order = session[:order] || params[:order] || 'date'

Note I use single 'ticks' because I don’t need the special abilities of "".
That represents a very important style rule - use the simplest code you can.
Think of "" as "costing more" than ''.

orderby = "updated_on DESC" # default
orderby = "score DESC" if @order == "score"
orderby = "user" if @order == "user"

orderby = order == 'date' ? 'updated_on' : order


#4

But why the params and session themselves don’t contain the real code -
‘updated_on DESC’. The View could, for example, show ‘date’ to the user and set
its value to ‘updated_on DESC’. Then all this fun goes away!

Agree. The only reason may be security - user would know your table
column name ‘updated_on’ if you use it directly in view.

Jan


#5

Xie H. wrote:

orderby = case @order
when 'user' then 'user'
when 'score' then 'score DESC'
else 'updated_on DESC'
end

That’s better than mine by preserving the DESC.

But why the params and session themselves don’t contain the real code -
‘updated_on DESC’. The View could, for example, show ‘date’ to the user and set
its value to ‘updated_on DESC’. Then all this fun goes away!


#6

Xie H. wrote:

But why the params and session themselves don’t contain the real code -
‘updated_on DESC’. The View could, for example, show ‘date’ to the user and set
its value to ‘updated_on DESC’. Then all this fun goes away!

Agree. The only reason may be security - user would know your table
column name ‘updated_on’ if you use it directly in view.

They also might hack the params and put in a SQL injection attack.
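
The injection concern in the last post, worked through as an added example that is not code from any poster in this thread: the request and session carry only a short key, and the ORDER BY fragment comes from a server-side allowlist. The names `pick_order_key`, `resolve_order` and `passthrough_order` are hypothetical, and `params` and `session` are plain hashes standing in for the controller's.

```ruby
# Allowlist: the only ORDER BY fragments the application will ever emit.
# Keys are what the browser and session see; values never leave the server.
ORDER_CLAUSES = {
  'date'  => 'updated_on DESC',
  'score' => 'score DESC',
  'user'  => 'user'
}.freeze
DEFAULT_ORDER = 'date'

# Returns the first candidate that is a String and a known key.
# Rails can parse ?order[]=x or ?order[a]=b into an Array or Hash,
# so the type check matters as much as the lookup.
def pick_order_key(*candidates)
  candidates.find { |c| c.is_a?(String) && ORDER_CLAUSES.key?(c) } || DEFAULT_ORDER
end

# params and session are plain hashes here (assumption, see lead-in).
# Only the validated key is written back to the session, so a rejected
# value is never replayed on a later request.
def resolve_order(params, session)
  key = pick_order_key(params[:order], session[:order])
  session[:order] = key
  [key, ORDER_CLAUSES.fetch(key)]
end

# The design floated in the thread: the request carries the SQL fragment
# itself, so whatever the client sends ends up in the ORDER BY clause.
def passthrough_order(params, session)
  params[:order] || session[:order] || 'updated_on DESC'
end

if __FILE__ == $PROGRAM_NAME
  hostile = 'updated_on DESC; DELETE FROM stats' # constructed sample value
  session = {}
  p resolve_order({ order: 'score' }, session)  # valid key from the request
  p resolve_order({}, session)                  # falls back to the session
  p resolve_order({ order: hostile }, session)  # rejected, session key kept
  p resolve_order({ order: ['user'] }, {})      # non-String param, default used
  p passthrough_order({ order: hostile }, {})   # fragment passed through as sent
end
```

The second element returned by `resolve_order` is what would be handed to `:order =>` in the `Stats.find` call from the first post.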