ActiveRecord can validates "select" querys?

I have an application that makes a render inline, and another in XML
based on data from an URL.
I need to validate the data before passing it over to SQL, and I would
like to receive the errors in the returned array, or at least a
TRUE/FALSE. As there is no associated view file I don’t know how to...

Could someone help me out or orientate me in some way?

Regards and thanks,

Daniel.

Can you give an example of what you mean by "validate the data before
passing it over to SQL"?

If it's SQL injection you're worried about, rails can help clean up
user input, but I'm not sure that's where your heading with this...

Harold wrote:

Can you give an example of what you mean by "validate the data before
passing it over to SQL"?

If it's SQL injection you're worried about, rails can help clean up
user input, but I'm not sure that's where your heading with this...

On Feb 2, 11:18�am, Daniel L�pez <rails-mailing-l...@andreas-s.net>

SQL Injection, mmm... yes, maybe, but I refer particularly to check if a
string is numeric, date type or too short for the database values (for
example).

Only if these requirements are OK, the select query is executed.
Otherwise, the application should return false or something.

Thanks in advance, Harold. :wink:

Sounds like something you can do with ActiveRecord validations:

http://api.rubyonrails.org/classes/ActiveRecord/Validations/ClassMethods.html

for example:

validates_numericality_of :some_numer
validates_length_of :something_else, :in => 3…12

You can use validate_format_of :a_date (and specify a regex), or there’s a plugin that helps for this (i haven’t tried it: http://railslodge.com/plugins/111-validates-date-time)

etc…

is that what you’re looking for?

Harold A. Giménez Ch. wrote:

Sounds like something you can do with ActiveRecord validations:

http://api.rubyonrails.org/classes/ActiveRecord/Validations/ClassMethods.html

for example:

validates_numericality_of :some_numer
validates_length_of :something_else, :in => 3..12

You can use validate_format_of :a_date (and specify a regex), or there's
a
plugin that helps for this (i haven't tried it:
http://railslodge.com/plugins/111-validates-date-time)

etc...

is that what you're looking for?

No... ActiveRecord validations only works if the SQL operation is an
insert or update ("create" and "update" methods, respectively), but I
also need it to select querys ("find" method). That's the problem... :S

Thanks again! :wink:

In that case, I don’t know of a way to reuse an ActiveRecord validation before running a find. You don’t even have a ActiveRecord object at that point yet.

You might just have to write your custom validations before running the find. Maybe someone else has a better option. Sorry :-o)

-H

Why do you need to validate on a find method?

There should never be an invalid record at the database, that's why
there is no validation in a find and for the same reason there
shouldn't be. If you think you really need it, maybe you haven't
really figured out what your problem is.

Completely agree with you, Mauricio.

The only reason I can see the need to validate before a find is if your are absolutely obsessed with performance and you don’t want to hit the DB if you know a priori that no record will be returned. This is definitely not a normal case. If the query takes too long you might have to rethink your schema, your query, or create proper indexes.