Week 7 Quiz

gistfile1.txt

## 1) What is SQL Injection



## 2) Which of these are safe from SQL Injection attacks?

A)

    User.where(:name => params[:name])

B)

    Product.where("price > (?)", params[:price])

C)

    Product.where("price < 5")


D)

    name = params[:name]
    query = "name = " + name
    User.where(query)

E)

  Product.where("quality = #{params[:quality]}")



## 3) Below is the help for Enumerable#detect what are some possible returns from the method?

detect(ifnone = nil) {| obj | block } → obj or nil click to toggle source
find(ifnone = nil) {| obj | block } → obj or nil
detect(ifnone = nil) → an_enumerator
find(ifnone = nil) → an_enumerator

Passes each entry in enum to block. Returns the first for which block is not false. If no object matches, calls ifnone and returns its result when it is specified, or returns nil otherwise.

If no block is given, an enumerator is returned instead.

## 4) Which of the methods below can we use to query against an aggregate set of data. For instance a store has many products and each product belongs to the store. What methods would we need to use to find all of the stores that that have an average product price of greater than $10?

    find
    where
    includes
    order
    limit
    offset
    joins
    group
    having


## 5) Explain the difference between inner join and outer join


## 6) What method can we use to get rid of the N+1 Query problem?


## 7) Which of these indicates a Class method and which an instance method?


A)
    @user.name

B)

    User.last



## 8) What type of logic did we use in our testing last week?

Hint: if you're working really hard at your job it could be said that you are ______ing yourself.