The Register® — Biting the hand that feeds IT

Ajax on Rails

Matthew Boeh

A few corrections 

Your finder there is completely terrible. It's vulnerable to a SQL injection attack. Instead, you want Catalog.find_all_by_section(params[:section]); that is cleaner and requires no SQL. Furthermore, why isn't this in the context of a full Rails app? Why do you manually establish the ActiveRecord connection in the model? Finally, why are you embedding your HTML generation in the controller instead of putting it where it belongs, in views?

MrInterweb

This is one of the worst tutorials I have ever seen 

This tutorial is written by someone who apparently does not know Ruby on Rails. If you have read this far, your mind has more than likely absorbed some of this misinformed tutorial. Do yourself a service: hit your head with a hammer and forget everything you have read on this page, or consider this a lesson in what not to do in Rails. If you do a search for Ruby on Rails tutorials, I assure you anything can be better than this tutorial.

There are typos in the code. The indentation is abysmal. The lack of use of Rails conventions shows through. Matt is right. What is up with the SQL in the tutorial? Why are partials not used instead of constructing HTML in the controller? BARF!!!

Deepak Vohra

Different Finder Methods Available 

Matthew,

Different finder methods are available. Dynamic finders may be used as you suggested. The result set for a section may be obtained by any of the following methods.

Catalog.find(:all, :conditions => ["section = ?", @section])

Catalog.find_all_by_section(@section)

Catalog.find_by_sql("SELECT * from catalogs WHERE SECTION='"+@section+"'")

Deepak
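
Added example, not part of any comment in this thread and not Rails code: the finders listed above differ in how @section reaches the SQL text, and this sketch compares the concatenated find_by_sql string with the placeholder form. The quote, bind, string_literals and stays_data? helpers are simplified stand-ins assumed for illustration, not ActiveRecord's implementation, and the section values are constructed.

```ruby
# Added illustration: simplified stand-ins, not ActiveRecord's implementation.

# Quote a value as a SQL string literal by doubling embedded single quotes
# (standard SQL escaping; real adapters also deal with backslashes/encodings).
def quote(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

# Stand-in for the array-conditions form ["section = ?", value]:
# every ? is replaced by a quoted value, never by raw text.
def bind(template, *values)
  raise ArgumentError, "bind count mismatch" unless template.count("?") == values.size
  vals = values.dup
  template.gsub("?") { quote(vals.shift) }
end

# Statement text built the way the find_by_sql line in the thread builds it.
def concatenated_sql(section)
  "SELECT * from catalogs WHERE SECTION='" + section + "'"
end

# Statement text built from the placeholder form.
def bound_sql(section)
  "SELECT * FROM catalogs WHERE " + bind("section = ?", section)
end

# Decode every complete SQL string literal found in a statement.
def string_literals(sql)
  sql.scan(/'(?:[^']|'')*'/).map { |lit| lit[1..-2].gsub("''", "'") }
end

# True when the input survives as one whole literal, i.e. it stayed data.
def stays_data?(sql, input)
  string_literals(sql).include?(input)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: a plain section name and one containing a quote.
  ["Database", "O'Reilly"].each do |section|
    [concatenated_sql(section), bound_sql(section)].each do |sql|
      puts "#{sql}  (input stayed data: #{stays_data?(sql, section)})"
    end
  end
end
```

With the quote-containing value, the concatenated statement closes its literal early and the rest of the input is parsed as SQL, while the placeholder form keeps the whole value inside one literal.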

Deepak Vohra

Rails Best Practices 

For Rails best practices, please refer to

http://wiki.rubyonrails.org/rails/pages/RailsBestPractices/versions/152

Deepak Vohra

MySQL Adapter 

The MySQL Adapter for Ruby on Rails might generate some errors.

http://wiki.rubyonrails.org/rails/pages/MySQL+Database+access+problem

If password= nil generates an error, use password= . Or, create a database instance with a password for the root user. By default root does not require a password.

Deepak Vohra

request.raw_post Bug 

Due to a bug in request.raw_post, request.raw_post might return the string specified appended with '='.

To obtain the string specified, use

@section=request.raw_post[0, request.raw_post.length-1]

Deepak Vohra

RE:A few corrections 

Your finder there is completely terrible. It's vulnerable to a SQL injection attack. Instead, you want Catalog.find_all_by_section(params[:section]); that is cleaner and requires no SQL.

The following method may also be used.

Catalog.find(:all, :conditions => ["section = ?", @section])

Furthermore, why isn't this in the context of a full Rails app? Why do you manually establish the ActiveRecord connection in the model?

Establishing a connection in the model class is not required as the database.yml connection parameters are used by default to establish a connection. The connection is established in the model class to demonstrate establish_connection and set_table_name. A different table than "catalogs" may be specified and a connection with a different database or as a different user may be established.

Finally, why are you embedding your HTML generation in the controller instead of putting it where it belongs, in views?

The HTML may be included in the view instead of the controller class.

Deepak Vohra

RE:A few corrections 

Finally, why are you embedding your HTML generation in the controller instead of putting it where it belongs, in views?

According to the observe_field method, the :update option specifies the DOM ID of the element whose innerHTML should be updated with the XMLHttpRequest response text.

The HTML is returned by the controller class.