December 19, 2014
Hot Topics:

Avoiding Data Corruption with Rails' Active Record Validations

  • November 12, 2007
  • By Jason Gilmore
  • Send Email »
  • More Articles »

Ask any experienced Web developer what is the most important single piece of advice he could pass along to less-experienced colleagues, and chances are very good he'll tell you it's that user input should not be trusted under any circumstances. This is because chances are at one point a careless, or even malicious bit of unchecked user-provided data has thrown a major monkey wrench into an otherwise well-oiled web application.

Unexamined user input has the potential to create all sorts of problems for Web developers, ranging from minor customer service issues such as the inability to respond to a client who has mistakenly provided an invalid email address to major losses of data due to the passage of malevolent commands to the operating system by way of an attack method known as SQL injection.

But, writing code capable of successfully validating and filtering user input is a tedious, error-prone process. Thankfully, it's a task that developers around the world also face, making such code a prime candidate for abstraction and reuse. In fact, the Ruby on Rails development team considered the matter so crucial that they built many such validation routines into the Rails framework itself. Integrated into Rails' Active Record implementation, these validation methods allow you to easily ensure the validity of your data model.

To demonstrate the utility of Active Record's validation routines, presume you were adding a customer support form to a corporate web site. The intent of this form is to provide customers with an easy way to contact customer service and ask questions about recently purchased products and services. As a timely and informed response will be significant in terms of keeping the cusotmer happy, it's crucial to ensure the provided user data is gathered and saved without error. This data will be stored in a model named Question, which consists of five data fields, including the client's name, email address, phone number, choice of contact method (phone or email), and finally the support question.

Create the Question Model

To follow along with this tutorial, begin by creating a new Rails project named corporate, and then create a new model named Question:

%>rails corporate
<snip>
%>ruby script/generate model Question
<snip>

The migration looks like this:

class CreateQuestions < ActiveRecord::Migration
   def self.up
      create_table :questions do |t|
         t.column :name,  :string, :null=>false
         t.column :email, :string, :null=>false
         t.column :phone, :string, :null=>false
         t.column :contact_method, :string, :null=>false
         t.column :message, :text, :null=>false
      end
   end

   def self.down
      drop_table :questions
   end
end

Creating the Support Form

Next up, you'll create the web that which the customer will use to submit questions. To do so, first create a controller named Support, in addition to two methods, one named index that will offer the form to the user, and another named submit that will process the form.

%>ruby script/generate controller Support index submit

The support request form as found in the index.rhtml view as follows:


<% if flash[:notice] %>
   <div class="notice"><%= flash[:notice] %></div>
<% end %>

<h3>Contact Customer Support</h3>

<%= form_tag '/support/submit' -%>
<p>
   <label for="shop_name">Your Name:</label><br/>
   <%= text_field "question", "name", "size" => 25 %>
</p>  

<p>
   <label for="question_phone">Your Phone Number:</label><br/>
   <%= text_field "question", "phone", "size" => 25 %>
</p>

<p>
   <label for="question_email">Your E-mail Address:</label><br/>
   <%= text_field "question", "email", "size" => 25 %>
</p>

<p>
   <label for="method">Preferred Contact Method?</label></br />
   <%= select("question", "contact_method", {"phone" => "Phone",
                                             "email" => "E-mail"}) %>
</p>

<p><label for="question_email">Your Question:</label><br/>
   <%= text_area "question", "message", "rows" => 5, "cols" => 35 %>
</p>

<p>
   <%= submit_tag "Submit!" %>
</p>
<%= end_form_tag -%>




Page 1 of 3



Comment and Contribute

 


(Maximum characters: 1200). You have characters left.

 

 


Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

Sitemap | Contact Us

Rocket Fuel