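I use mysql_real_escape_string() to prevent SQL injection on the $field variable below. Should I use the same for $_SESSION['user_id']?
I can't imagine anyone being able to change the values in the $_SESSION array. Can they?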
$query = "SELECT `".mysql_real_escape_string($field)."` FROM `users` WHERE `id`='".$_SESSION['user_id']."'";

While using the public activity gem, I'm trying to figure out how to access activities in the rails console.

I have these two inputs:
<%= search_form_for @search, url: search_path, method: :post do |f| %>
<%= f.text_field :thing_false %>
<%= f.text_field :thing_null %>
<% end %>
When they are both set to "t", I get this query executed:
SQL: SELECT "stuffs".* FROM "stuffs" WHERE (("stuffs"."thing" = 'f' AND "stuffs"."thing" IS NULL))
How do I make it so that I get this executed instead?
SQL: SELECT "stuffs".* FROM "stuffs" WHERE (("stuffs"."thing" = 'f' OR "stuffs"."thing" IS NULL))
The ransack documentation doesn't really address this. This is the closest example I could find:
>> User.search(:first_name_or_last_name_cont => "Rya").result.to_sql
=> SELECT "users".* FROM "users" WHERE ("users"."first_name" LIKE '%Rya%'
OR "users"."last_name" LIKE '%Rya%')

After running cap qa deploy in the terminal, I get the following error at the end of the deployment:
failed: "sh -c 'cd [removed]/releases/[removed] && bundle exec whenever --update-crontab [removed] --set environment=production --roles db'" on [removed]
The first thing I'm confused about is: when I use capistrano and deploy, why does it run the whenever command on the db role? Shouldn't it automatically run the command on the app role?
On the server: Bundler version 1.3.5
Gemfile:
gem 'whenever', require: false
schedule.rb:
env 'PATH', ENV['PATH']
set :output, "/log/cron.log"
set :stage, :environment_variable
every 5.minutes, :roles => [:app] do
runner "[removed]"
end
every 1.day, :at => '0:01 am' do
command "[removed]"
end
deploy.rb:
require 'capistrano/log_with_awesome'
require "bundler/capistrano"
set :application, "[REMOVED]"
set :scm, :git
set :repository, "[REMOVED]"
set :branch, "master"
set :deploy_via, :remote_cache
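set …

I fetch data from the server and push it into an observable array.
I am pushing observables into an observable array.
When I push the data into the observable, the observable contains the data.
However, as soon as I push the observable into the observable array, some of the observables lose their data.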
self.mealFoods([]);
$.ajax({
url: "/mealsurl/1",
async: false,
dataType: 'json',
success: function(datad) {
for(var lia = 0; lia < datad.length; lia++){
var cats_url = "/catsurl/" + datad[lia].category_id;
var units_by_food_url = "/unitsurl/" + datad[lia].ndb_no;
var foodThing = new NewFood();
foodThing.foodId(parseInt(datad[lia].id)); //works
foodThing.category(parseInt(datad[lia].category_id)); //works
$.ajax({
url: cats_url,
dataType: 'json',
success: function(dat) {
foodThing.category_foods(dat); //works
}
});
foodThing.food(datad[lia].ndb_no); //works
$.ajax({
url: units_by_food_url,
dataType: 'json',
success: function(dat) {
foodThing.food.units(dat); //works
}
});
foodThing.unit(parseInt(datad[lia].seq)); //works
foodThing.number_of_unit(datad[lia].this_much); //works
self.mealFoods.push(foodThing);
// At this point when …