Active Record

1,000 views
937 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,000
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
9
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Active Record

  1. 1. ACTIVERECORD Rails 3Saturday, March 5, 2011
  2. 2. MVCSaturday, March 5, 2011
  3. 3. RAILS CONSOLE >> ActiveRecord::Base.logger = Logger.new(STDOUT)Saturday, March 5, 2011
  4. 4. RAILS CONSOLE >> ActiveRecord::Base.logger = Logger.new(STDOUT) >> Person.first SQL (1.0ms) SELECT name FROM sqlite_master WHERE type = table AND NOT name = sqlite_sequence Person Load (1.0ms) SELECT "people".* FROM "people" LIMIT 1 => #<Person id: 2, first_name: "Wilma", last_name: "Flinstone", created_at: "2010-10-19 19:59:36", updated_at: "2010-10-19 19:59:36">Saturday, March 5, 2011
  5. 5. RAILS CONSOLE >> ActiveRecord::Base.logger = Logger.new(STDOUT) >> Person.first SQL (1.0ms) SELECT name FROM sqlite_master WHERE type = table AND NOT name = sqlite_sequence Person Load (1.0ms) SELECT "people".* FROM "people" LIMIT 1 => #<Person id: 2, first_name: "Wilma", last_name: "Flinstone", created_at: "2010-10-19 19:59:36", updated_at: "2010-10-19 19:59:36"> find "people" table nameSaturday, March 5, 2011
  6. 6. RAILS CONSOLE >> ActiveRecord::Base.logger = Logger.new(STDOUT) >> Person.first SQL (1.0ms) SELECT name FROM sqlite_master WHERE type = table AND NOT name = sqlite_sequence Person Load (1.0ms) SELECT "people".* FROM "people" LIMIT 1 => #<Person id: 2, first_name: "Wilma", last_name: "Flinstone", created_at: "2010-10-19 19:59:36", updated_at: "2010-10-19 19:59:36"> find first row in "people table"Saturday, March 5, 2011
  7. 7. DYNAMIC GETTERS AND SETTERS >> bret = Person.new >> bret.first_name = "Bret" >> bret.last_name = "Smith" >> bret.first_name "Bret" >> bret.xxx NoMethodErrorSaturday, March 5, 2011
  8. 8. MORE ACTIVE RECORD • save to database as needed • automatically handle update/insert • dynamic queriesSaturday, March 5, 2011
  9. 9. SQL INJECTIONSaturday, March 5, 2011
  10. 10. SAFE FROM SQL INJECTION class User < ActiveRecord::Base def self.authenticate_unsafely(user_name, password) find(:first, :conditions => "user_name = #{user_name} AND password = #{password}") end def self.authenticate_safely(user_name, password) find(:first, :conditions => [ "user_name = ? AND password = ?", user_name, password ]) end def self.authenticate_safely_simply(user_name, password) find(:first, :conditions => { :user_name => user_name, :password => password }) endSaturday, March 5, 2011

×