Running a ruby expression stored in a database

Is this even possible? I’ve got a ruby expression stored in a
database, it’s the code to run a plugin since I was having trouble
passing variables stored in the database.

When I try to call the code, it either outputs it as text, or doesn’t
display it at all. It’s supposed to generate an image and display it.

right now the code is stored in the database as:

<%= barcode TEST1234, :encoding_format => Gbarcode::BARCODE_128 %>

and in the View, I have this:

<%= code.upc %> (where upc is the column name in the database)

When I do this, nothing outputs in the view, but if I view the source,
I can see the ruby expression.

If I change the code stored in the database to this:
barcode TEST1234, :encoding_format => Gbarcode::BARCODE_128

This just displays the code on the webpage, which I would expect it
to.

am I doing something wrong or is this not possible?

naevity wrote:

and in the View, I have this:

<%= code.upc %> (where upc is the column name in the database)

This will just render the contents of the column as text.

When I do this, nothing outputs in the view, but if I view the source,
I can see the ruby expression.

If I change the code stored in the database to this:
barcode TEST1234, :encoding_format => Gbarcode::BARCODE_128

This just displays the code on the webpage, which I would expect it
to.

am I doing something wrong or is this not possible?

I think it is possible, but you will have to “eval” it somehow. I’ve not
done this in ruby before but you should be able to google it quite
easily.

HTH

Matt

On Fri, Jan 16, 2009 at 10:32 AM, naevity [email protected]
wrote:

Is this even possible? I’ve got a ruby expression stored in a
database, it’s the code to run a plugin since I was having trouble
passing variables stored in the database.

In my opinion it would be better to solve the original problem you had
with the plugin and passing variables than to use dynamically executed
code as a workaround. From your snippets I’d guess the problem is you
are trying to save/pass a string like “Gbarcode::BARCODE_128” into the
plugin rather than the underlying value referred to by the constant
Gbarcode::BARCODE_128.

What did your original code look like?

When I try to call the code, it either outputs it as text, or doesn’t
display it at all. It’s supposed to generate an image and display it.

right now the code is stored in the database as:

<%= barcode TEST1234, :encoding_format => Gbarcode::BARCODE_128 %>

If you want to execute this as Ruby code, you need to remove the <%=
%> bits (so you’re on the right track with that).

and in the View, I have this:

<%= code.upc %> (where upc is the column name in the database)

When I do this, nothing outputs in the view, but if I view the source,
I can see the ruby expression.

<%=h code.upc %> will make it obvious why by preventing your view from
accidentally rendering invalid HTML to the page.

If I change the code stored in the database to this:
barcode TEST1234, :encoding_format => Gbarcode::BARCODE_128

This just displays the code on the webpage, which I would expect it
to.

am I doing something wrong or is this not possible?

It is possible.

$ irb
irb(main):001:0> exp = "puts 'foo'"
=> "puts 'foo'"
irb(main):002:0> eval exp
foo

So in a view: <%= eval code.upc %>

DANGER DANGER DANGER you are running with scissors here. If an
attacker can get arbitrary code into your database, using eval like
this will execute that code in the context of your application.

You may want to read up on Kernel#eval, Object#instance_eval, and the
other forms of eval in Ruby, they’re a lot of fun. But in this case, I
think they may not be the best choice if you can avoid them.

-Michael


Michael C. Libby
www.mikelibby.com

On Jan 16, 1:18 pm, “Michael L.” [email protected] wrote:

plugin rather than the underlying value referred to by the constant
Gbarcode::BARCODE_128.

Thanks for the response Michael and Robby, here’s my response before
I saw what Michael wrote:

This smells funny… so I wanted to ask for more information. How is
the ruby code going to be added into the database? Would users be
inputting ruby code somehow?

Well, it’s a workaround to another problem I’m running into. I’m
trying to use the barcode-generator plugin (Google Code Archive:
barcode-generator/), which is based on the gbarcode gem.

In my database I have two tables, one for the numbers, and one for the
types of codes

To use the plugin, you call <%= barcode 'UPCCODE' %> in the view, and
it generates the code to create and display the PNG. My problem is
that I’m trying to add the :encoding_function option to the code,
which would look something like this:

<%= barcode 'UPCCODE', :encoding_function => Gbarcode::BARCODE_ISBN %>

I need to be able to dynamically input the encoding function like
this:

<%= barcode code.number, :encoding_function => code.type.upctype %>

but this pops up errors.

I’ve tried every combination of trying to pass that value, and it
always fails. So, as a last resort, I wrote code to just write the
whole line to the database for each UPCnumber, i.e.:

<%= barcode 'TEST1234', :encoding_function => Gbarcode::BARCODE_39 %>
<%= barcode '234567890987', :encoding_function => Gbarcode::BARCODE_ISBN %>
<%= barcode 'U567890298322E', :encoding_function => Gbarcode::BARCODE_128 %>

But, as I said above, when I try to pull this code, and run it to
generate and display the barcode, it fails.

For Example:

code: <%= barcode card.cardnumber, :encoding_format => card.rewards.upctype %>
code.type.upctype: Gbarcode::BARCODE_ISBN
result: in method ‘Barcode_Encode’, argument 2 of type ‘int’

code: <%= barcode card.cardnumber, card.rewards.upctype %>
code.type.upctype: :encoding_format => Gbarcode::BARCODE_ISBN
result: index 94105 out of string

On Fri, Jan 16, 2009 at 8:32 AM, naevity [email protected]
wrote:

<%= barcode TEST1234, :encoding_format => Gbarcode::BARCODE_128 %>

This just displays the code on the webpage, which I would expect it
to.

am I doing something wrong or is this not possible?

This smells funny… so I wanted to ask for more information. How is
the ruby code going to be added into the database? Would users be
inputting ruby code somehow?

Robby


Robby R.
Chief Evangelist, Partner

PLANET ARGON, LLC
design // development // hosting w/Ruby on Rails

http://www.robbyonrails.com/
aim: planetargon

+1 503 445 2457
+1 877 55 ARGON [toll free]
+1 815 642 4068 [fax]

-Michael

I’ve wondered about doing something like this myself, but in a different
context…

Suppose I develop a generic RoR application that I would like to be able
to extend or customize on the fly. As an example, suppose I wanted records
in my database with a certain value for the “from” field to always be
stored in upper case, but I didn’t (and can’t) know at the time I develop
the application to which values that rule (or some other totally arbitrary
rule) would apply.

I have thought about creating a table for Ruby code, and evaluating that
code at key points in the execution of my application. I would restrict
access to that table to admin users only, so as to reduce the risk of
allowing malicious code into my database.

So far, I haven’t gotten anywhere other than wondering whether I really
want to go down this path or not, and wondering how I might do so if I did
want to start down that slippery slope.

I’m curious – have others had similar wonderments and addressed them
similarly or differently?

–wpd

naevity wrote:

I’ll second (or third, or whatever) the opinions that retrieving raw
code from a database table and executing it blindly is risky enough that
it should make you lose sleep at night.

In this case, if you decide that loading in the code from a remote
source is the easiest way to solve your problem, why not just put the
code snippets somewhere safer like a yaml file instead? It’s a read-only
format, no danger for hackers to inject their own code, and it would be
just as easy (if not easier) to set up for a manageably finite number of
code snippets. Not to mention the fact that the code snippets could be
loaded once and cached, saving you all that extra database activity.

Just a thought.

  • Aaron

On Fri, Jan 16, 2009 at 12:32 PM, naevity [email protected]
wrote:

<%= barcode 'UPCCODE', :encoding_function => Gbarcode::BARCODE_ISBN %>

Hard-coding it like this works for you, right?

I need to be able to dynamically input the encoding function like
this:

<%= barcode code.number, :encoding_function => code.type.upctype %>

What are some sample values of code.type.upctype from your database?

-Michael


Michael C. Libby
www.mikelibby.com

On Jan 16, 1:52 pm, “Michael L.” [email protected] wrote:

What are some sample values of code.type.upctype from your database?

-Michael

yes, hardcoding it works. Let’s say I want to use an ISBN barcode of
“068816112X”

This works:

<%= barcode '068816112X', :encoding_function => Gbarcode::BARCODE_ISBN %>

Now, let’s say in my types table, I have this:

id: 1
type: book
upctype: GBarcode::BARCODE_ISBN

id: 2
type: dvd
upctype: GBarcode::BARCODE_128

and in my ‘items’ table (instead of code, works better for the
example) I have this:

id: 1
type_id: 1
name: replay
upcnumber: 068816112X

id: 2
type_id: 2
name: batman
upcnumber: 123456789

I can do this without a problem:

<%= barcode item.upcnumber, :encoding_format => Gbarcode::BARCODE_ISBN %>

But that would obviously make the next entry of Batman show up wrong,
since it needs to be a BARCODE type of 128.

This is where stuff starts going wrong. I thought I should be able to
enter the below without a problem

<%= barcode item.upcnumber, :encoding_format => item.type.upctype %>

but that’s when I get the "in method ‘Barcode_Encode’, argument 2 of
type ‘int’ " error.

If you want to take a look at the plugin’s code where the
Barcode_Encode method lies, it’s here:

http://code.google.com/p/barcode-generator/source/browse/trunk/barcode_generator/lib/barcode_generator.rb

I really appreciate the help, I’ve wasted an entire day trying to wrap
my head around it. It seems like it should work to me, but I obviously
don’t know enough as to why it’s not working.

On Jan 16, 2009, at 2:44 PM, Michael L. wrote:

GBarcode::BARCODE_ISBN is not a string. It’s a constant that stands

<%= barcode "some_string", :encoding_format => 3 %>

Michael C. Libby
www.mikelibby.com

You can probably leverage ActiveSupport#constantize

class Item
  def enc_type
    self.type.upctype.constantize
  rescue NameError
    Gbarcode::DEFAULT
  end
end

assuming that you want to store Gbarcode::BARCODE_ISBN in the
database rather than its value as a Fixnum.

HOWEVER, I’ll warn you that the name ‘type’ is reserved by
ActiveRecord for single-table inheritance and you might be better-off
using a word like ‘kind’ or ‘format’ ;)

-Rob

Rob B. http://agileconsultingllc.com
[email protected]

On Fri, Jan 16, 2009 at 5:21 PM, naevity [email protected]
wrote:

this:
yes, hardcoding it works. Let’s say I want to use an ISBN barcode of
type: book
id: 1

my head around it. It seems like it should work to me, but I obviously
don’t know enough as to why it’s not working.

It won’t work the way you are doing, because “Gbarcode::BARCODE_ISBN”
is ruby code (It’s a constant from Gbarcode class) and needs to be
evaluated and when you do “item.type.upctype” the result is the STRING
“Gbarcode::BARCODE_ISBN” which is not interpreted, therefore not
evaluated as the constant.

This code:

<%= barcode item.upcnumber, :encoding_format => eval item.type.upctype %>

works, but it’s dangerous and you should avoid it.


cheers,

Gustavo Sacomoto

Vice-gerente Geral
Qype Brasil

+55 (11) 76747726

www.qype.com.br

On Fri, Jan 16, 2009 at 1:21 PM, naevity [email protected]
wrote:

yes, hardcoding it works. Let’s say I want to use an ISBN barcode of
“068816112X”

This works:

<%= barcode '068816112X', :encoding_function => Gbarcode::BARCODE_ISBN %>

Good. Just checking that the easy case works. :)

Now, let’s say in my types table, I have this:

id: 1
type: book
upctype: GBarcode::BARCODE_ISBN

I think the problem is your model then.

GBarcode::BARCODE_ISBN is not a string. It’s a constant that stands
for the Fixnum 3.

irb(main):001:0> require 'rubygems'
=> true
irb(main):002:0> require 'gbarcode'
=> true
irb(main):003:0> Gbarcode::BARCODE_ISBN
=> 3
irb(main):006:0> Gbarcode::BARCODE_ISBN.class
=> Fixnum

<%= barcode item.upcnumber, :encoding_format => item.type.upctype %>

but that’s when I get the "in method ‘Barcode_Encode’, argument 2 of
type ‘int’ " error.

It’s a somewhat opaque error message, but it’s telling you that the
second argument is the wrong type… and that it wants an int.

Your view could just as easily contain:

<%= barcode "some_string", :encoding_format => 3 %>

and it should work the same as

<%= barcode "some_string", :encoding_format => Gbarcode::BARCODE_ISBN %>

The value you need to store in your database is the integer/Fixnum.

-Michael


Michael C. Libby
www.mikelibby.com

-Michael
Hi Michael,

That worked! Thank you very much, I doubt I ever would have figured
that out in the near future. I’m gonna have to alter my structure to
include those values.

Everyone, thank you very much, I really appreciate it. I do not want
to use the eval option, and I’m glad I now understand why it wasn’t
working. It was driving me crazy.

Thanks again,

Jonathan
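
An added example, not code from any poster in this thread or from the barcode-generator plugin: it contrasts eval on a stored column with an allowlist lookup that returns the integer the plugin wants. The Gbarcode module below is a stand-in so the code runs without the gem (only BARCODE_ISBN = 3 comes from the thread; the other two values are constructed), and resolve_encoding, eval_runs_row, UnknownEncoding and HOSTILE_ROW are hypothetical names.

```ruby
# Stand-in for the gbarcode gem so this runs offline. BARCODE_ISBN = 3 is the
# value shown in the thread; the other two values are constructed.
module Gbarcode
  BARCODE_ISBN = 3
  BARCODE_39   = 4
  BARCODE_128  = 5
end

class UnknownEncoding < ArgumentError; end

# Allowlist: the only names a database row may use, mapped to the integer
# the plugin expects. Nothing outside this table is ever looked up or run.
ENCODINGS = {
  "Gbarcode::BARCODE_ISBN" => Gbarcode::BARCODE_ISBN,
  "Gbarcode::BARCODE_39"   => Gbarcode::BARCODE_39,
  "Gbarcode::BARCODE_128"  => Gbarcode::BARCODE_128
}.freeze

# Hypothetical helper: turn a stored upctype (name or integer) into the
# integer encoding, raising instead of guessing when the value is unknown.
def resolve_encoding(stored)
  return stored if stored.is_a?(Integer) && ENCODINGS.value?(stored)
  ENCODINGS.fetch(stored.to_s.strip) do
    raise UnknownEncoding, "unsupported upctype: #{stored.inspect}"
  end
end

# What eval does with the same column: the row's text runs as code. The
# constructed row below only sets a flag, but it could be any Ruby.
def eval_runs_row(row_text)
  $row_code_ran = false
  value = eval(row_text) # deliberately unsafe, kept only for contrast
  [value, $row_code_ran]
end

HOSTILE_ROW = "$row_code_ran = true; Gbarcode::BARCODE_ISBN" # constructed

if __FILE__ == $PROGRAM_NAME
  p resolve_encoding("Gbarcode::BARCODE_ISBN")
  p eval_runs_row(HOSTILE_ROW)
  begin
    resolve_encoding(HOSTILE_ROW)
  rescue UnknownEncoding => e
    puts "rejected: #{e.message}"
  end
end
```

In the view from the thread this would be called as <%= barcode item.upcnumber, :encoding_format => resolve_encoding(item.type.upctype) %>. A misspelled row such as the thread's GBarcode::BARCODE_ISBN raises instead of silently falling back to a default.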

I’ve had some experience with this word barcode add-in:

Hope it could be helpful. I think I also get something interesting from
this thread.

On Wednesday, 18 June 2014 21:53:29 UTC-5, Ruby-Forum.com User wrote:

I’ve had some experience with this word barcode add-in:

Barcode Add-In for Microsoft Word|Generating & inserting QR Code, Data Matrix, Code 39, Code 128, UPC/EAN barcode in MS-Word 2007/2010

Hope it could be helpful. I think I also get something interesting from
this thread.

Stop reanimating 5-year-old dead threads with SEO-crap. Thanks.

–Matt J.