KOHANA 3 ORM: How to use sha1 in ->where - sha1

I'd like to make a select this way:
select * from post where sha1(id)=$id;
So I thought this could be done in the KO3 ORM with something like:
$post = ORM::factory('post')->where('sha1(id)','=',$id)->find();
The question is how to use 'sha1(id)' in the where function, because this way doesn't work in the KO3 ORM.
Thanks

You're just slightly off. It should be:
ORM::factory('post')->where('sha1("id")','=',$id)->find();

Related

Parse hash for value from a table

I am writing an AWS federation proxy in Rails. This means I fetch some groups using net-ldap from our local Active Directory and want to compare those to a list and look for matches. My net-ldap search result is this hash:
[#<Net::LDAP::Entry:0x000000048cfdd0 #myhash={:dn=>["CN=Username,OU=Support,OU=mycompany ,OU=Organisation,DC=mycompany,DC=com"], :memberof=>["CN=My AWS Groupname,CN=Receiver,CN=Users,DC=mycompany,DC=com"]}>]
Now I want to parse this hash and look for matches in a local "groups" table. It looks like this:
Name                AWS-Role
My AWS-Groupname    Some Group
AWS-Othergroup      Some Other-Group
I have a group-model.
What is a best-practice approach? I've never done something like this before. Would I use a Regex here? Do I loop the groups through all tables? What's the Rails way to do this?
edited for more information
I'm going to assume a few things here, since I don't know where you get the LDAP search results from, but assuming your hash looks like this:
EDIT:
based on the additional information:
# Example
require 'net-ldap'
# Net::LDAP::Entry takes the DN in its constructor; other attributes are set with []=
entry = Net::LDAP::Entry.new("CN=Username,OU=Support,OU=mycompany ,OU=Organisation,DC=mycompany,DC=com")
entry[:memberof] = ["CN=My AWS Groupname,CN=Receiver,CN=Users,DC=mycompany,DC=com"]
# take the first RDN of the first group DN and strip the "CN=" prefix
name = entry[:memberof].first.split(',').first.gsub('CN=', '')
And assuming you have a model called Group that is mapped to this "groups" table, you can do something like this:
Group.where(name: name).any?
If you find any results, it means you have a match in the table.
But this completely depends on the table structure and hash. To properly answer your question, I'd need to see what objects you have in Rails, and what the structure of your hash looks like.
EDIT:
Updated my answer based on the received feedback. Use code at own risk.
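As an added example (not part of the answer above, and not the asker's code), here is the same lookup done in plain Ruby with no net-ldap or Rails dependency. It differs from the answer's one-liner in two ways a practitioner will care about: it splits the DN on unescaped commas only, because RFC 4514 allows an escaped comma inside a group name (dn.split(',') would cut "CN=Sales\, EMEA" in half), and it compares group names case-insensitively, which is how Active Directory treats them. The entry and the groups table below are constructed stand-ins shaped like the question's data.

```ruby
# Added example: map an LDAP entry's memberOf DNs to rows of a local "groups"
# table. Plain Ruby; ENTRY is a constructed hash that mimics the attributes of
# a Net::LDAP::Entry and GROUPS_TABLE stands in for the "groups" table.

# Split a DN into RDN strings on commas that are not escaped with a backslash.
def split_rdns(dn)
  rdns = []
  current = +""
  escaped = false
  dn.each_char do |ch|
    if escaped
      current << "\\" << ch
      escaped = false
    elsif ch == "\\"
      escaped = true
    elsif ch == ","
      rdns << current
      current = +""
    else
      current << ch
    end
  end
  rdns << current
end

# Undo RFC 4514 escaping inside an attribute value: "\," -> ",", "\2C" -> ",".
def unescape_rdn_value(value)
  value.gsub(/\\([0-9A-Fa-f]{2})|\\(.)/) do
    $1 ? [$1].pack("H2") : $2
  end
end

# Return the CN of a group DN, or nil when the first RDN is not a CN.
def group_cn(dn)
  type, _, value = split_rdns(dn).first.to_s.partition("=")
  return nil unless type.strip.casecmp("CN").zero?
  unescape_rdn_value(value)
end

# Constructed stand-in for the "groups" table (Name, AWS-Role).
GROUPS_TABLE = [
  { name: "My AWS Groupname", aws_role: "Some Group" },
  { name: "AWS-Othergroup",   aws_role: "Some Other-Group" },
  { name: "Sales, EMEA",      aws_role: "Sales-ReadOnly" },
].freeze

# AD group names are case-insensitive, so compare with casecmp rather than
# with a Regex or an exact string match.
def aws_roles_for(entry, groups = GROUPS_TABLE)
  cns = Array(entry[:memberof]).map { |dn| group_cn(dn) }.compact
  groups.select { |g| cns.any? { |cn| cn.casecmp(g[:name]).zero? } }
        .map { |g| g[:aws_role] }
end

# Constructed entry shaped like the search result in the question.
ENTRY = {
  dn: ["CN=Username,OU=Support,OU=mycompany ,OU=Organisation,DC=mycompany,DC=com"],
  memberof: [
    "CN=My AWS Groupname,CN=Receiver,CN=Users,DC=mycompany,DC=com",
    "CN=Sales\\, EMEA,OU=Groups,DC=mycompany,DC=com",
    "CN=Unrelated Group,OU=Groups,DC=mycompany,DC=com",
  ],
}.freeze

puts aws_roles_for(ENTRY).inspect if __FILE__ == $PROGRAM_NAME
```

With a real Net::LDAP::Entry you can pass the entry object straight to aws_roles_for, since entry[:memberof] returns the same array of DN strings. Looping every memberOf value against the table once (instead of querying per group) also keeps the number of database round trips at one.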

What is the best possible way to avoid the sql injection?

I am using Ruby 1.8.7 and Rails 2.3.2.
The following code is prone to SQL injection:
params[:id] = "1) OR 1=1--"
User.delete_all("id = #{params[:id]}")
My question is whether doing the following is the best solution to avoid SQL injection or not. If not, what is the best way to do so?
User.delete_all("id = #{params[:id].to_i}")
What about:
User.where(id: params[:id]).delete_all
OK, sorry, for Rails 2.x it's:
User.delete_all(["id = ?", params[:id]])
Check the docs.
By the way, be sure you want to use delete_all instead of destroy_all; the former doesn't trigger callbacks.
You can also use this:
User.delete(params[:id])
The other answers answer this well for Rails and it'll work fine if you follow their suggestions. In a more generic setting when you have to handle this yourself you can typically use a regular expression to extract a value that's in an expected format. This is really simple with an integer id. Think of it like this:
if params[:id] =~ /(\d+)/
  safe_id = $1.to_i
  # do something with safe_id now
end
That gets a little more complicated when you're handling strings and arbitrary data. If you have to handle such data then you can use the quoting methods available for the database adapters. In Rails this is ultimately rolled into a consistent interface:
safe_string = ActiveRecord::Base.connection.quote(unsafe_string)
For most database systems this will handle single quotes and backslashes in a special manner.
If you're outside of Rails you will have to use the quoting methods specific to your database adapter, but usage is quite similar.
The takeaway:
If your data has a particular format, enforce the format with a regular expression
Otherwise, use your database adapter's quoting function to make the data "safe" for use in a query
Rails will handle most of this for you if you properly use the various methods and "conditions"
Use the Rails methods to pass your where options. You can always hardcode them, as in the example that you give, but the usual way would be something like:
User.where(:id => params[:id]).delete_all
User.where("id = ?", params[:id]).delete_all
User.where("id = :id", :id => params[:id]).delete_all
They are well tested and in case a new vulnerability is detected, an update will fix the problem and your code will not need to be changed.
By the way, if you just want to delete 1 record based on its id, what I would do is:
User.find(params[:id]).destroy
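As an added example (not from any of the answers above), here is a plain-Ruby model of why the interpolated string is injectable and what the "?" placeholder form and the integer-validation form actually do to the attacker's input. The quote and bind helpers are a simplified stand-in for ActiveRecord's sanitize_sql_array, not the real implementation, and the example needs no database: it shows the SQL text each approach would send.

```ruby
# Added example: string interpolation vs. placeholder binding vs. validation
# for the "1) OR 1=1--" payload from the question. quote/bind are a simplified
# model of ActiveRecord's sanitize_sql_array, not its real code.

# Vulnerable form from the question: raw string interpolation.
def unsafe_delete_sql(raw_id)
  "DELETE FROM users WHERE id = #{raw_id}"
end

# Quote one literal the way an ANSI SQL adapter does: integers pass through,
# nil becomes NULL, strings are wrapped in single quotes with embedded quotes
# doubled. Real adapters also deal with backslashes and binary data, so in
# practice call ActiveRecord::Base.connection.quote instead of this.
def quote(value)
  case value
  when Integer then value.to_s
  when nil     then "NULL"
  else "'" + value.to_s.gsub("'", "''") + "'"
  end
end

# Replace each "?" placeholder with a quoted literal, refusing templates whose
# placeholder count does not match the number of values. The block form of
# gsub means a "?" inside a value is never re-scanned as a placeholder.
def bind(template, *values)
  placeholders = template.count("?")
  if placeholders != values.size
    raise ArgumentError, "#{placeholders} placeholders for #{values.size} values"
  end
  template.gsub("?") { quote(values.shift) }
end

# Safe form: the equivalent of User.delete_all(["id = ?", params[:id]]).
def safe_delete_sql(raw_id)
  bind("DELETE FROM users WHERE id = ?", raw_id)
end

# Validation alternative: accept only a string made entirely of digits.
def strict_int_id(raw_id)
  raw_id =~ /\A\d+\z/ ? raw_id.to_i : nil
end

# The answer's unanchored /(\d+)/ is also injection-proof, because only the
# captured digits reach the query, but it silently turns "1) OR 1=1--" into 1.
def lenient_int_id(raw_id)
  raw_id =~ /(\d+)/ ? $1.to_i : nil
end

if __FILE__ == $PROGRAM_NAME
  payload = "1) OR 1=1--"   # constructed attacker input from the question
  puts unsafe_delete_sql(payload)
  puts safe_delete_sql(payload)
  p strict_int_id(payload), lenient_int_id(payload)
end
```

The bound version still sends the payload to the database, but as the string literal '1) OR 1=1--' compared against an integer column, which matches nothing (or fails type checking, depending on the adapter); the parentheses and the comment marker never reach the parser as syntax. The to_i approach from the question has the same silent-acceptance property as the unanchored regex: "1) OR 1=1--".to_i is 1, so the request deletes user 1 without any indication that the input was malformed. Anchoring the validation, as strict_int_id does, lets you reject and log such requests instead.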

Change default finder select statement in Rails 3.1

I'd like to change the default statement that ActiveRecord uses to query a model's table. By default, it queries a table "cables" for example by...
this_cable = Cable.first
results in
SELECT "cables".* FROM "cables" LIMIT 1
I would like to find a way for it to wind up with
SELECT *,askml(wkb_geometry) as kml FROM "cables" LIMIT 1
This way I can call a database function and have it behave like a field on the object.
this_cable.kml
=> "<LineString><coordinates>-73.976879999999994,40.674999999999997 -73.977029999999999,40.674779999999998 -73.977170000000001,40.674770000000002 -73.97775,40.67501</coordinates></LineString>"
This can be accomplished by adding a scope
scope :with_kml, select("*, askml(wkb_geometry) as kml")
But I figure that's kind of messy. I would like this "kml" column to always be there, without having to call the "with_kml" scope.
Any ideas?
Have you tried using default_scope for this, or do you actually want this to be present on all your models?
Something like this might solve your problem:
default_scope select("*, askml(wkb_geometry) as kml")
You might want to change that to cables.* for it to work properly with joins and such, though.

Like and where condition in ruby

What is the syntax for LIKE in Ruby on Rails? This is something I'm trying to do:
I am trying to find all the last names from the table which start with egm, so something like %egm%. I know how to do it using find_by_sql but I'm just curious to know the Ruby way.
s = Person.find_by_last_name('nan%')
Person.where('name LIKE ?', '%egm%').all
l_name_var = "nan"
Person.where("people.last_name LIKE :l_name", {:l_name => "#{l_name_var}%"})
or in your case
l_name_var = "egm"
Person.where("people.last_name LIKE :l_name", {:l_name => "%#{l_name_var}%"})
To expand a bit, the find_by_X methods use the = operator, so you wouldn't want to use them for a LIKE condition. The "Rails" way involves using a bit of SQL inside the where method, as shown in the other answers. The same would apply if you're trying to sort your results using the order method.
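One caveat the answers above don't cover, shown here as an added example rather than anything from the original answers: binding "%#{l_name_var}%" as a parameter does stop SQL injection, but the user's text is still interpreted as a LIKE pattern, so a search term of "%" or "_" matches every row. The helper below escapes the LIKE metacharacters before the wildcards are added (Rails 4.2 and later ship this as ActiveRecord::Base.sanitize_sql_like; older versions need their own). like_match? is a constructed model of LIKE semantics used only to show the effect offline, and NAMES is a constructed sample of last names.

```ruby
# Added example: escaping LIKE wildcards in the search term. Plain Ruby;
# like_to_regexp/like_match? are a constructed stand-in for the database's
# LIKE evaluation, and NAMES is constructed sample data.

# Escape the LIKE metacharacters so the term is matched literally.
def sanitize_like(term, escape = "\\")
  term.gsub(/[\\%_]/) { |ch| escape + ch }
end

# Build the bound query and pattern. The pattern is still passed as a bind
# parameter; the ESCAPE clause tells the database which escape char we used.
def contains_query(term)
  pattern = "%#{sanitize_like(term)}%"
  ["people.last_name LIKE :l_name ESCAPE '\\'", { l_name: pattern }]
end

# Convert a LIKE pattern to an anchored Regexp: % is any run of characters,
# _ is one character, and an escaped character is literal.
def like_to_regexp(pattern, escape = "\\")
  chars = pattern.chars
  body = +""
  until chars.empty?
    ch = chars.shift
    if ch == escape && !chars.empty?
      body << Regexp.escape(chars.shift)
    elsif ch == "%"
      body << ".*"
    elsif ch == "_"
      body << "."
    else
      body << Regexp.escape(ch)
    end
  end
  Regexp.new("\\A#{body}\\z", Regexp::MULTILINE)
end

def like_match?(pattern, value)
  like_to_regexp(pattern).match?(value)
end

# Names a "contains" search would return, with and without escaping the term.
def matching_names(names, term, escaped: true)
  pattern = escaped ? "%#{sanitize_like(term)}%" : "%#{term}%"
  names.select { |n| like_match?(pattern, n) }
end

NAMES = %w[Seegmuller Egmont Smith 100%er].freeze   # constructed sample rows

if __FILE__ == $PROGRAM_NAME
  p matching_names(NAMES, "egm")
  p matching_names(NAMES, "%", escaped: false)   # every row
  p matching_names(NAMES, "%")                   # only the literal "%"
end
```

How the ESCAPE literal itself is spelled depends on the adapter: the string above yields ESCAPE '\' in SQL, which is what PostgreSQL and SQLite expect, while MySQL's string syntax needs the backslash doubled again. LIKE is also case-sensitive on PostgreSQL and case-insensitive on MySQL by default, which is why "egm" matches "Seegmuller" but not "Egmont" in this model.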

How to make Urls in Rails seofriendly

How can I realize SEO-friendly URLs?
Instead of
http://mysite.com/articles/show/2
I would like to use the article name instead of the id,
i.e.
mysite.com/articles/show/articlename
or somehow combine id and article name like this:
mysite.com/articles/show/articlename-2
I'm a Rails newbie, so perhaps you could give me short advice on where to change
something and with what code?
Look in your article controller, probably in app/controllers/articles.rb. You probably have a method named show which looks up an article by id with something like this:
@article = Article.find(params[:id])
If you know the id is going to be the title of the post instead of its id, you can instead look up your article using
@article = Article.find_by_title(params[:id])
This will allow you to use somewhat ugly URLs like /articles/show/This+is+the+title. If you want to make a slightly nicer URL, you could add a column to your article table (called, say, seo_title) to store the title translated to lowercase with underscores, yielding something like this_is_the_title.
Your question is at once both simple and yet difficult. Best you check out this more mature Stack Overflow post to find your answer:
https://stackoverflow.com/questions/723765/how-do-i-make-the-urls-in-ruby-on-rails-seo-friendly-knowing-a-vendor-name/
It has more examples and more options. While find_by_title is an option, it is far from your best option.
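As an added example (not from either answer above), here is the "articlename-2" form from the question worked through in plain Ruby: generating the slug, recovering the id from the trailing "-<digits>" group, and comparing the requested param with the canonical one so that a stale or forged slug is redirected rather than served. ARTICLES is a constructed stand-in for the articles table; in Rails the same logic would go into Article#to_param and the controller's show action.

```ruby
# Added example: "slug-id" params in plain Ruby. ARTICLES is a constructed
# stand-in for the articles table.

# Lowercase the title and collapse everything that is not a-z or 0-9 into
# single hyphens, so the slug is URL-safe without any percent-encoding.
def slugify(title)
  title.downcase.gsub(/[^a-z0-9]+/, "-").gsub(/\A-+|-+\z/, "")
end

# The value that goes into the URL: slug first, numeric id last.
def to_param(article)
  "#{slugify(article[:title])}-#{article[:id]}"
end

# Recover the id: only a trailing "-<digits>" group counts, so anything else
# in the param (including path tricks such as "../../x") is ignored for lookup.
def id_from_param(param)
  match = param.match(/-(\d+)\z/)
  match && match[1].to_i
end

ARTICLES = [
  { id: 2,  title: "This is the title" },
  { id: 10, title: "Top 10" },
].freeze

# Look up by id, then report the canonical param for that record. The caller
# compares it with the requested param: a mismatch means the slug was stale
# or forged, and a 301 to the canonical URL (or a 404, if strict) is the
# right response rather than serving the record under an arbitrary URL.
def find_by_param(param, articles = ARTICLES)
  id = id_from_param(param)
  article = id && articles.find { |a| a[:id] == id }
  return [nil, nil] unless article
  [article, to_param(article)]
end

if __FILE__ == $PROGRAM_NAME
  p to_param(ARTICLES[0])
  p find_by_param("old-title-2")
  p find_by_param("top-10")   # no id appended: parses as id 10, non-canonical
end
```

The "top-10" case shows why the id has to be appended unconditionally when the id sits at the end: a title that ends in digits is ambiguous without it, and only the canonical-param comparison tells the two apart. Rails' own convention of putting the id first ("2-this-is-the-title") avoids the ambiguity because "2-this-is-the-title".to_i is 2 whatever the title contains.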
