CGI - Ruby Data Types

Hi all, me again. Jeez, I'm clocking up some traffic, sorry.

Thanks for all your help before. It was just me being stupid and leaving out
an enclosing quote for the hash key lookup, doh!

I'm from a Perl background, so I'm having some trouble, as I am not used to
having to check my data types.

For example, I have my CGI script:

cgi = CGI.new
id = cgi['id']

prj = Project.new(id)
print prj.DisplayProject

When I print id.type it states that it is an Array?

My Project class needs to check the value of id, because if it is passed as a
valid (i.e. > 0) integer then the user is requesting you to load the data for
the project. The problem is that the check below never fails, so when no id is
passed it still tries to execute the SQL:

def initialize(id)

  if id                           # id arrives as an Array, so this is always true

    db = Db.connection
    sql = SQL_PROJECT + " WHERE prj_id = #{id} "
    print sql
    qry = db.prepare(sql)
    qry.execute
    @data = qry.fetch_hash
    qry.finish
  end

end

In a month or two I will probably be thinking how simple this all is, but we
all have to learn the intricacies. Other than that, Ruby kicks butt as a
language: no more worrying about unreadable Perl code, or Python's quirks
with properties in classes, and finally Visual Basic, well, they say it's a
language :slight_smile:

Thanks again

Graeme Matthew
Analyst Programmer
Mercer Investment Consulting
Level 29, 101 Collins Street, Melbourne, VIC, 3001, Australia
Tel - 61 3 9245 5352 Fax - 61 3 9245 5330
visit http://www.merceric.com




This e-mail and any attachments may be confidential or legally privileged.
If you received this message in error or are not the intended recipient, you
should destroy the e-mail message and any attachments or copies, and you are
prohibited from retaining, distributing, disclosing or using any information
contained herein. Please inform us of the erroneous delivery by return
e-mail.

Thank you for your cooperation.



This may fix it:

id = cgi['id']        # what you have now: an Array

id = cgi['id'][0]     # take the first element instead

The Array thing for CGI vars annoys me, but I haven't come up with
something better...

regards,
-joe

Hello –

Hi all, me again. Jeez, I'm clocking up some traffic, sorry.

Don’t worry – see my last post if you want to see real filler :slight_smile:

Thanks for all your help before. It was just me being stupid and leaving out
an enclosing quote for the hash key lookup, doh!

I'm from a Perl background, so I'm having some trouble, as I am not used to
having to check my data types.

You shouldn’t have to do that much at all in Ruby.

For example, I have my CGI script:

cgi = CGI.new
id = cgi['id']

prj = Project.new(id)
print prj.DisplayProject

When I print id.type it states that it is an Array?

id will indeed be an Array here – that’s how the CGI library stores
the params.

So… you need to do:

id = cgi["id"][0]

or

id, = cgi["id"]   # note the comma

to get the first element. (There’s been a lot of discussion in recent
months about making it easier to get at the first element in cases
where the array only has one element. I don’t remember where that
stands exactly.)

My Project class needs to check the value of id, because if it is passed as a
valid (i.e. > 0) integer then the user is requesting you to load the data for
the project. The problem is that the check below never fails, so when no id is
passed it still tries to execute the SQL.

I don't know if it matters here, but don't forget that id will
actually be a String, and you have to convert it if it needs to be an
Integer (with to_i).

David


On Fri, 20 Sep 2002, Matthew, Graeme wrote:


David Alan Black | Register for RubyConf 2002!
home: dblack@candle.superlink.net | November 1-3
work: blackdav@shu.edu | Seattle, WA, USA
Web: http://pirate.shu.edu/~blackdav | http://www.rubyconf.com

You may not be used to checking data types, but you should be used to
verifying data from your CGI before you pass it to your RDBMS in a SQL
statement! What if someone sends you:

id=1%3Bdelete%20*%20from%20table_name%3B

as the parameter? That could really ruin your day… it translates to:

id=1;delete * from table_name;

which your script, as shown, would simply attempt to execute. You have a
lot more faith in mysql.rb than I do, if you expect it to protect you from
this sort of attack.

In this case though, you want to write:

id = cgi.param('id')   # instead of id = cgi['id']

to get at your argument in string form, and then

if /^\d+$/.match(id)   # instead of if id

which will test that the id was just numbers. Modify regex as necessary to
get valid values for your field.

-michael


On Thursday 19 September 2002 21:12, Matthew, Graeme wrote:

I'm from a Perl background, so I'm having some trouble, as I am not used to
having to check my data types.
For example, I have my CGI script:

cgi = CGI.new
id = cgi['id']

prj = Project.new(id)
print prj.DisplayProject

When I print id.type it states that it is an Array?

My Project class needs to check the value of id, because if it is passed
as a valid (i.e. > 0) integer then the user is requesting you to load the
data for the project. The problem is that the check below never fails, so
when no id is passed it still tries to execute the SQL:

def initialize(id)

  if id                           # id arrives as an Array, so this is always true

    db = Db.connection
    sql = SQL_PROJECT + " WHERE prj_id = #{id} "
    print sql
    qry = db.prepare(sql)
    qry.execute
    @data = qry.fetch_hash
    qry.finish
  end

end

++++++++++++++++++++++++++++++++++++++++++
Michael C. Libby x@ichimunki.com
public key: http://www.ichimunki.com/public_key.txt
web site: http://www.ichimunki.com
++++++++++++++++++++++++++++++++++++++++++
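The two points raised in this thread, pulling the single value out of the Array that CGI#params hands back (David's and Joe's replies) and refusing anything that is not a plain integer before it goes anywhere near SQL (Michael's reply), as one added example. This is not code from the original posts; it is written as a stand-alone script so it runs offline. It assumes the Hash-of-Arrays shape that CGI#params returns ({"id" => ["7"]}), constructed inline rather than read from a real request, an invented SQL_PROJECT constant, and a tiny in-memory stand-in for the database that honours a placeholder-style query interface. Two things it shows beyond the thread: an empty Array ([]) is truthy in Ruby, which is exactly why `if id` never failed, and Ruby's ^ and $ match at line boundaries, so a regex anchored with them can be bypassed with an embedded newline; \A and \z are used instead.

```ruby
require 'uri'

# Hypothetical base query, standing in for the SQL_PROJECT constant in the thread.
SQL_PROJECT = "SELECT * FROM project"

# Constructed sample of the URL-encoded payload from Michael's post; the CGI
# library decodes this before the script ever sees it.
ENCODED_ATTACK = "id=1%3Bdelete%20*%20from%20table_name%3B"

def decoded_attack_value
  URI.decode_www_form_component(ENCODED_ATTACK.split("=", 2).last)
end

# CGI#params maps each name to an Array of values (possibly empty).
# Return the first value as a String, or nil when nothing usable was sent.
def first_param(params, name)
  values = params[name]
  return nil if values.nil? || values.empty?
  values.first
end

# Only a positive decimal integer is an acceptable project id.  \A and \z
# anchor to the whole string; ^ and $ would only anchor to a line.
ID_PATTERN = /\A[1-9]\d{0,17}\z/

def parse_project_id(raw)
  return nil unless raw.is_a?(String) && ID_PATTERN.match?(raw)
  raw.to_i
end

# The check suggested in the thread, kept here for contrast: it accepts
# "1\n;delete ..." because $ matches before the embedded newline.
def line_anchored_check(raw)
  !!(/^\d+$/.match(raw))
end

# Build the query with a bind placeholder; the id never touches the SQL text.
def build_project_query(id)
  [SQL_PROJECT + " WHERE prj_id = ?", [id]]
end

# Constructed in-memory stand-in for the database: accepts (sql, binds) and
# looks the project up by the bound integer, never by string interpolation.
FAKE_PROJECTS = { 7 => { "prj_id" => 7, "name" => "Example project" } }
FAKE_DB = lambda do |sql, binds|
  raise ArgumentError, "unexpected SQL: #{sql}" unless sql == SQL_PROJECT + " WHERE prj_id = ?"
  FAKE_PROJECTS[binds.first]
end

# The guarded equivalent of Project#initialize from the thread: returns the
# row Hash, or nil when no valid id was supplied.
def load_project(params, db)
  id = parse_project_id(first_param(params, "id"))
  return nil if id.nil?
  sql, binds = build_project_query(id)
  db.call(sql, binds)
end

if __FILE__ == $0
  puts "empty Array is truthy: #{([] ? 'yes' : 'no')}"
  puts "decoded attack value:  #{decoded_attack_value.inspect}"
  puts "line-anchored check on newline payload: #{line_anchored_check("1\n;delete")}"
  puts "load valid id:   #{load_project({ "id" => ["7"] }, FAKE_DB).inspect}"
  puts "load attack id:  #{load_project({ "id" => [decoded_attack_value] }, FAKE_DB).inspect}"
  puts "load missing id: #{load_project({}, FAKE_DB).inspect}"
end
```

The real mysql.rb of the period did not offer bind placeholders, which is why Michael's advice was to validate the string first; with a driver that does support them, do both, since the whitelist regex also gives you a clean "no project requested" branch instead of a query that runs with nothing bound.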