How do I build a query dynamically without risking SQL injection attacks?

I have an array of names and I would like to build a query testing each name in turn. However, I never know how many names will be in the list at any one time. I could build the query by hand like so:

However, that violates an important security rule and opens the… Continue reading

How does Rails work?

So you’ve decided to learn Rails. You could dive straight in to learning the code, but Rails is an opinionated framework and it expects certain things to be done a certain way. A high-level understanding of how it’s structured and what goes where is always important. So let’s follow a hypothetical web-request on its journey… Continue reading

What is schema.rb for?

One of the main things that Rails did that made it stand out from other similar frameworks, all the way back in 2005, was that it read your database schema (which tables there were and which fields those tables had) as the application started up and used them to decide which attributes should appear on… Continue reading

How do I find the last record in a relationship?

I have an item that has a history of different states.

I would like to find all items where the most recent state is “public”. This is something that can be done in SQL. Something similar to below should work on most databases (but I’m a bit rusty on raw SQL) …

However,… Continue reading

Which model should I use with find_by_sql?

I have three tables that are linked together and I’m trying to figure out which model I should use at the beginning of my find_by_sql call. There are Users, Schedules with a has_and_belongs_to_many association between them, so a schedules_users join table in between them. My SQL will want to look something like “select user_id from… Continue reading

Should I use a has_many association or just repeat the information?

So in my app every country has its top 10 news articles for the week, and every week these articles get replaced by a new set of articles. Which of the following should i do: 1) Create a table for each country that’s attributes would be the 10 articles plus some other info. 2) Have… Continue reading

How do I get Active Record to exclude items in a query?

In SQL I would just write a “not in” query – but what’s the equivalent in ActiveRecord?

By filtering at the database level like this, you can let your database engine do all the optimisation, select the most appropriate index and so on – keeping any performance hits away from your Ruby code. But… Continue reading

How do I encrypt data in my database?

It’s a rough, tough world out there. There’s bad guys lurking round every street corner, just looking to break into your database and sup on the sweet, sweet data within. Mmmm, sticky, gooey records … Most databases that get exposed tend to just have the data contents leaked. So if you’ve got anything sensitive in… Continue reading

Which ActiveRecord association should I use? “Has and Belongs to Many” or “Has Many Through”?

One of the things many newcomers to Rails (especially those with no relational database experience) find confusing is choosing between two of ActiveRecord’s association methods – the infamous “has_and_belongs_to_many” in comparison to “has_many :through”. But don’t worry; you’re not being dumb. They actually look very similar, but do two different things, and which one you… Continue reading