6 Replies - 26429 Views - Last Post: 24 February 2011 - 09:21 PM

#1 drpppr242

Type casting in ruby

Posted 24 August 2009 - 09:24 AM

db.query("INSERT INTO users SET uid = " + userid + ", username = '" + site + "', passwd = '" + password + "', homedir = '/path/to/dir/" + site + "', gid = " + groupid + ";")


I'm trying to do an insert into a mysql db and got this error:
can't convert Fixnum into String (TypeError)
Normally I would think something like this would work:
db.query("INSERT INTO users SET uid = " + (string)userid + ", username = '" + site + "', passwd = '" + password + "', homedir = '/path/to/dir/" + site + "', gid = " + (string)groupid + ";")

Now I'm sure I'm missing something stupid and obvious, but as best I can tell Ruby doesn't allow explicitly declaring data types, and I can't find how to typecast. What's the proper way to handle this?

And btw, there is a lot more to this script that's not posted here, but I assure you the db connection is opened correctly and the variables contain their expected values, which for userid and groupid is an int, and the rest are strings.

Replies To: Type casting in ruby

#2 JackOfAllTrades

Re: Type casting in ruby

Posted 24 August 2009 - 09:40 AM

userid.to_s

#3 MitkOK

Re: Type casting in ruby

Posted 24 August 2009 - 09:43 AM

num = 10
num.to_s # => "10"

And please, do not abuse Ruby with PHP-like cr*p style.

This post has been edited by MitkOK: 24 August 2009 - 10:14 AM


#4 drpppr242

Re: Type casting in ruby

Posted 24 August 2009 - 10:39 AM

MitkOK, on 24 Aug, 2009 - 08:43 AM, said:

num = 10
num.to_s # => "10"

And please, do not abuse Ruby with PHP-like cr*p style.

Thanks for the help, that did it, and in my defense that's clearly C-like cr*p style because I don't know PHP.

#5 MitkOK

Re: Type casting in ruby

Posted 24 August 2009 - 10:53 AM

PHP is a C-like language and most web developers are doing stuff like this query :)

If you're building a more complex app, I recommend you look at some of the ORMs:

DataMapper - http://datamapper.org
Sequel - http://sequel.rubyforge.org/
ActiveRecord - http://api.rubyonrai...ecord/Base.html

This post has been edited by MitkOK: 24 August 2009 - 10:57 AM


#6 drpppr242

Re: Type casting in ruby

Posted 24 August 2009 - 11:04 AM

MitkOK, on 24 Aug, 2009 - 09:53 AM, said:

PHP is a C-like language and most web developers are doing stuff like this query :)

If you're building a more complex app, I recommend you look at some of the ORMs:

DataMapper - http://datamapper.org
Sequel - http://sequel.rubyforge.org/
ActiveRecord - http://api.rubyonrai...ecord/Base.html


I know this is starting to get off topic from the original post, but my use for Ruby is primarily for a bunch of sys admin scripts, and we use MySQL database backends for most everything, so pretty much all the scripts are connecting to MySQL databases and pulling/modifying data. I'm not sure I understand the advantages of using those ORMs over just using require 'mysql' and doing queries the way I did in the above question? I guess the short question is: do those add significant functionality or simply clean up syntax?

#7 Guest_Chuck vdL*

Re: Type casting in ruby

Posted 24 February 2011 - 09:21 PM

drpppr242, on 24 August 2009 - 09:24 AM, said:

db.query("INSERT INTO users SET uid = " + userid + ", username = '" + site + "', passwd = '" + password + "', homedir = '/path/to/dir/" + site + "', gid = " + groupid + ";")


I'm trying to do an insert into a mysql db and got this error:
can't convert Fixnum into String (TypeError)
Normally I would think something like this would work:
db.query("INSERT INTO users SET uid = " + (string)userid + ", username = '" + site + "', passwd = '" + password + "', homedir = '/path/to/dir/" + site + "', gid = " + (string)groupid + ";")

Now I'm sure I'm missing something stupid and obvious, but as best I can tell Ruby doesn't allow explicitly declaring data types, and I can't find how to typecast. What's the proper way to handle this?


The proper way to handle that is NOT to assemble your damned query on the fly with user input in the middle of it.

1) sanitize your inputs
2) USE A PARAMETERIZED STORED PROC
3) NEVER ever ever ever create a query on the fly that contains user input, that way lies opening the doors of your project to hackers

all you need is for some jerk to put in something like

foo'--; drop table users;

into the username field and you can start kissing your db goodbye.

and that's just the start.. a skilled hacker can reverse engineer your entire db structure, insert their own data, or access the admin account and completely own the site.

Google "SQL Injection" or "injection vulnerabilities" for more info
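Added example (not part of any post in this thread): it compares the concatenated INSERT from the question with a parameterized statement, using the username value quoted in the last reply, and shows that the value changes the structure of the concatenated query while the parameterized SQL text stays constant. The function names and sample values are constructed for illustration; the prepare/execute call in the final comment assumes the prepared-statement API of the mysql gem.

```ruby
# Added example; table/column names come from the post, sample values are constructed.

# Query built the way the original post does it: values spliced into the SQL text.
def concatenated_insert(userid, site, password, groupid)
  "INSERT INTO users SET uid = " + userid.to_s +
    ", username = '" + site + "', passwd = '" + password +
    "', homedir = '/path/to/dir/" + site + "', gid = " + groupid.to_s + ";"
end

# Parameterized form: the SQL text is a constant, values travel separately.
# Integers are passed as-is, so no to_s conversion is needed either.
INSERT_SQL = "INSERT INTO users SET uid = ?, username = ?, passwd = ?, " \
             "homedir = ?, gid = ?"

def parameterized_insert(userid, site, password, groupid)
  [INSERT_SQL, [userid, site, password, "/path/to/dir/#{site}", groupid]]
end

# Replace every single-quoted literal with '?' so only the SQL structure remains.
# Handles '' and backslash escapes inside literals.
def skeleton(sql)
  sql.gsub(/'(?:[^'\\]|\\.|'')*'/, "'?'")
end

# True when a value changed the structure of the statement, not just its data.
def structure_changed?(benign_sql, actual_sql)
  skeleton(benign_sql) != skeleton(actual_sql)
end

if __FILE__ == $PROGRAM_NAME
  quoted  = "foo'--; drop table users;" # value quoted in the last reply
  benign  = concatenated_insert(1001, "example", "s3cret", 100)
  hostile = concatenated_insert(1001, quoted, "s3cret", 100)
  puts skeleton(benign)
  puts skeleton(hostile)
  puts "structure changed: #{structure_changed?(benign, hostile)}"
  sql, params = parameterized_insert(1001, quoted, "s3cret", 100)
  puts sql
  p params
  # Assumed usage with the mysql gem's prepared statements:
  #   db.prepare(sql).execute(*params)
end
```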