June 2011
2 posts
Rails Bad Practices #2 - using Time.now in scope
Ever wondered how to get your time-dependent scopes to act like a bunch of lunatics?
Do this:
class User < ActiveRecord::Base
  scope :active, where(:activated_at.gt => Time.now)
end
and your list of active users will be frozen at whatever Time.now returned when the class was loaded, so it only moves when you restart your app. Cool!
Of course, this great trick can’t be achieved with this:
class User < ActiveRecord::Base
scope :active, lambda{...
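Why the two forms behave differently, as an added plain-Ruby example that is not the post's code and not Rails: `MiniScope` is a simplified stand-in for the `scope` macro, and `Clock` is a hypothetical substitute for `Time` so the run is deterministic.

```ruby
# Simplified stand-in for the `scope` class macro; this is not Rails code.
# Clock is a hypothetical substitute for Time so the run is deterministic.
class Clock
  class << self
    attr_accessor :now
  end
end

module MiniScope
  # body is either a value (already computed by the caller) or a lambda.
  def scope(name, body)
    define_singleton_method(name) do
      cutoff = body.respond_to?(:call) ? body.call : body
      # Same comparison as the page's scope: activated_at > now.
      self::ROWS.select { |r| r[:activated_at] > cutoff }.map { |r| r[:name] }
    end
  end
end

Clock.now = 100 # constructed "boot time" of the app process

class User
  extend MiniScope
  # Constructed sample rows; activated_at is a plain integer timestamp.
  ROWS = [
    { name: "ann", activated_at: 150 },
    { name: "bob", activated_at: 250 },
  ].freeze

  # The argument is evaluated right here, while the class body is loading.
  scope :active_eager, Clock.now
  # The lambda body is evaluated again on every call.
  scope :active_lazy, lambda { Clock.now }
end

# Returns what each scope yields at boot and after the clock has moved on.
def compare_scopes
  Clock.now = 100
  at_boot = { eager: User.active_eager, lazy: User.active_lazy }
  Clock.now = 200 # the process has been running for a while
  later = { eager: User.active_eager, lazy: User.active_lazy }
  { at_boot: at_boot, later: later }
end

p compare_scopes
```

The eager scope keeps comparing against the load-time value, while the lambda form picks up the current clock on each call.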
Rails Bad Practices #1 - SQL injection.
SQL injection is a very nice trick; however, it’s really hard to achieve with Rails. These few simple lines of code allow all of your users to execute SQL whatever way they want:
# app/models/user.rb
class User < ActiveRecord::Base
  # name_or_id is interpolated straight into the SQL string
  scope :very_clever_scope, lambda { |name_or_id| where("name = #{name_or_id} OR id=#{name_or_id}") }
end
#app/controllers/users_controller.rb
class...