Is there any better way to do this?

#order can be "date" or "score" or "user"

@order = "date" #default
@order = session[:order] if session[:order]
@order = params[:order] if params[:order]

orderby = "updated_on DESC" #default
orderby = "score DESC" if @order == "score"
orderby = "user" if @order == "user"

session[:order] = @order

@results = Stats.find(:all, :order => orderby, :conditions..........

* James Bond <rails-mailing-list@andreas-s.net> [2009-01-25 15:07:51 +0100]:

> #order can be "date" or "score" or "user"
>
> @order = "date" #default
> @order = session[:order] if session[:order]
> @order = params[:order] if params[:order]
>
> orderby = "updated_on DESC" #default
> orderby = "score DESC" if @order == "score"
> orderby = "user" if @order == "user"
>
> session[:order] = @order
>
> @results = Stats.find(:all, :order => orderby, :conditions..........

@order = params[:order] || session[:order] || 'date'
orderby = case @order
          when 'user' then 'user'
          when 'score' then 'score DESC'
          else 'updated_on DESC'
          end

my $0.02
Jan

James Bond wrote:

> #order can be "date" or "score" or "user"

Don't use @ unless you are really passing a variable to other methods in this class.

> @order = "date" #default
> @order = session[:order] if session[:order]
> @order = params[:order] if params[:order]

order = session[:order] || params[:order] || 'date'

Note I use single 'ticks' because I don't need the special abilities of "". That represents a very important style rule - use the simplest code you can. Think of "" as "costing more" than ''.

> orderby = "updated_on DESC" #default
> orderby = "score DESC" if @order == "score"
> orderby = "user" if @order == "user"

orderby = order == 'date' ? 'updated_on' : order

Xie Hanjian wrote:

> orderby = case @order
>           when 'user' then 'user'
>           when 'score' then 'score DESC'
>           else 'updated_on DESC'
>           end

That's better than mine by preserving the DESC.

But why don't the params and session themselves contain the real code - 'updated_on DESC'? The View could, for example, show 'date' to the user and set its value to 'updated_on DESC'. Then all this fun goes away!

* Phlip <phlip2005@gmail.com> [2009-01-25 08:32:22 -0800]:

> Xie Hanjian wrote:
>
> > orderby = case @order
> >           when 'user' then 'user'
> >           when 'score' then 'score DESC'
> >           else 'updated_on DESC'
> >           end
>
> That's better than mine by preserving the DESC.
>
> But why don't the params and session themselves contain the real code -
> 'updated_on DESC'? The View could, for example, show 'date' to the user and set
> its value to 'updated_on DESC'. Then all this fun goes away!

Agree. The only reason may be security - the user would know your table
column name 'updated_on' if you use it directly in the view.

Jan

Xie Hanjian wrote:

> > But why don't the params and session themselves contain the real code - 'updated_on DESC'? The View could, for example, show 'date' to the user and set its value to 'updated_on DESC'. Then all this fun goes away!
>
> Agree. The only reason may be security - the user would know your table
> column name 'updated_on' if you use it directly in the view.

They also might hack the params and put in a SQL injection attack.
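
The injection concern raised at the end of the thread, as an added example that is not part of any poster's message: request input is used only as a lookup key into a fixed table of ORDER BY fragments, shown beside a pass-through variant for comparison. Plain hashes stand in for the Rails `params` and `session` objects, and the names `ORDER_CLAUSES`, `resolve_order` and `passthrough_order` are hypothetical.

```ruby
# Added example, not code from the thread. Plain Ruby, no Rails required;
# `params` and `session` are ordinary hashes standing in for the Rails objects.

# The only ORDER BY fragments the application will ever send to the database.
# Keys are the public names from the thread; values never leave the server.
ORDER_CLAUSES = {
  'date'  => 'updated_on DESC',
  'score' => 'score DESC',
  'user'  => 'user'
}.freeze

DEFAULT_ORDER = 'date'

# Returns [public_key, sql_fragment]. Request input is used only as a lookup
# key; it is never interpolated into SQL.
def resolve_order(params, session)
  candidates = [params[:order], session[:order], DEFAULT_ORDER]
  # Rails can deliver arrays or hashes (order[]=x), so accept Strings only.
  key = candidates.find { |c| c.is_a?(String) && ORDER_CLAUSES.key?(c) }
  [key, ORDER_CLAUSES.fetch(key)]
end

# Pass-through variant in the style discussed in the thread, for comparison:
# whatever the client sends becomes the ORDER BY text.
def passthrough_order(params, session)
  order = params[:order] || session[:order] || DEFAULT_ORDER
  order == 'date' ? 'updated_on' : order
end

if __FILE__ == $PROGRAM_NAME
  session = {}
  # Constructed inputs: one legitimate value, no value, a tampered string, an array.
  [{ order: 'score' }, {}, { order: 'score DESC; -- tampered' }, { order: ['user'] }].each do |params|
    key, clause = resolve_order(params, session)
    session[:order] = key # only an allowlisted key is ever remembered
    puts format('%-40s allowlist=%-18s passthrough=%s',
                params.inspect, clause, passthrough_order(params, {}).inspect)
  end
end
```

Storing only the public key in the session also means a stale or tampered session value cannot reach the query.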