[Rails] Re: acts_as_list crashes with non-numeric id

On Monday, May 20, 2013 2:19:28 PM UTC+1, Ruby-Forum.com User wrote:

Greg Willits wrote in post #1109539:
> Seems to me acts_as_list has a bug -- I have data where the row id is a
> random alphaNumeric, not a simple integer. Using acts_as_list with a
> scope of a related model id, acts_as_list crashes the app due to a
> faulty query in MySQL something like this:
>
> class LineItem < ActiveRecord::Base
> belongs_to :order
> acts_as_list :scope => :order_id
> end
>
> Unknown column 'UXPzIdeIuIFkz6n' in 'where clause': UPDATE `line_items`
> SET position = (position - 1) WHERE (order_id = UXPzIdeIuIFkz6n AND
> position > 5)
>
> I've been trying several ways to force substition to generate those
> needed quotes myself, but so far no luck.
>
> Anyone battle & solve this? Thx.

For future reference this is one of those times that fighting Rails
conventions makes your life more difficult as a Rails developer. Rails
wants it simple incrementing integer primary keys. If you can
accommodate that wish then life for you as a developer gets simpler. If
you want a key that is non-numeric, create a separate column and put a
unique constraint on it, but let Rails have its standard simple integer
key for use in creating associations.

This feels like it should work though - scope is not necessarily a foreign key column (it could easily be a status column for example (open/closed/etc)), so it should work with string valued columns. Also anything which allows an unquoted, user controllable string into an SQL query is  a potential security problem

Fred

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/c4db151e-0b00-46db-a3a7-d4c451abf0e8%40googlegroups.com?hl=en-US.
For more options, visit https://groups.google.com/groups/opt_out.