This document discusses ActiveRecord in Rails. It shows how to log SQL statements, find the first record of a model, dynamically add getter and setter methods, save records to the database, and perform safe queries to prevent SQL injection. Specifically, it logs SQL, finds the first person record, sets dynamic attributes on a person object, discusses saving records and queries, and demonstrates safe querying compared to unsafe querying.

1. ACTIVERECORD
Rails 3

2. MVC

3. RAILS CONSOLE
>> ActiveRecord::Base.logger = Logger.new(STDOUT)

4. RAILS CONSOLE
>> ActiveRecord::Base.logger = Logger.new(STDOUT)
>> Person.first
SQL (1.0ms) SELECT name
FROM sqlite_master
WHERE type = 'table' AND NOT name = 'sqlite_sequence'
Person Load (1.0ms) SELECT "people".* FROM "people" LIMIT 1
=> #<Person id: 2, first_name: "Wilma", last_name: "Flinstone",
created_at: "2010-10-19 19:59:36", updated_at: "2010-10-19
19:59:36">

5. RAILS CONSOLE
>> ActiveRecord::Base.logger = Logger.new(STDOUT)
>> Person.first
SQL (1.0ms) SELECT name
FROM sqlite_master
WHERE type = 'table' AND NOT name = 'sqlite_sequence'
Person Load (1.0ms) SELECT "people".* FROM "people" LIMIT 1
=> #<Person id: 2, first_name: "Wilma", last_name: "Flinstone",
created_at: "2010-10-19 19:59:36", updated_at: "2010-10-19
19:59:36">
find "people" table name

6. RAILS CONSOLE
>> ActiveRecord::Base.logger = Logger.new(STDOUT)
>> Person.first
SQL (1.0ms) SELECT name
FROM sqlite_master
WHERE type = 'table' AND NOT name = 'sqlite_sequence'
Person Load (1.0ms) SELECT "people".* FROM "people" LIMIT 1
=> #<Person id: 2, first_name: "Wilma", last_name: "Flinstone",
created_at: "2010-10-19 19:59:36", updated_at: "2010-10-19
19:59:36">
find first row in "people table"

7. DYNAMIC GETTERS AND
SETTERS
>> bret = Person.new
>> bret.first_name = "Bret"
>> bret.last_name = "Smith"
>> bret.first_name
"Bret"
>> bret.xxx
NoMethodError

8. MORE ACTIVE RECORD
• save to database as needed
• automatically handle update/insert
• dynamic queries

9. SQL INJECTION

10. SAFE FROM SQL INJECTION
class User < ActiveRecord::Base
def self.authenticate_unsafely(user_name, password)
find(:first, :conditions =>
"user_name = '#{user_name}' AND password = '#{password}'")
end
def self.authenticate_safely(user_name, password)
find(:first, :conditions =>
[ "user_name = ? AND password = ?", user_name, password ])
end
def self.authenticate_safely_simply(user_name, password)
find(:first, :conditions =>
{ :user_name => user_name, :password => password })
end