Daniel Sheppard wrote:
> def run_some_script
> ruby_code = Mytable.ruby_code
> eval("ruby_code")
> end

I guess it's just a typo but in this case it's

eval(ruby_code)

Otherwise you'll just get the contents of the variable ruby_code... :-)

> Depending on the ultimate source of that code - if you don't trust the
> string completely, you might want to do:
> 
> def run_some_script
> ruby_code = Mytable.ruby_code
> Thread.new do
> $SAFE = 3
> eval(ruby_code)
> end.join
> end
> 
> It will stop things like "system('del filename')" from being eval'd.
> 
> (I think that's the right way to go about it... I don't have the need
> to 
> do unsafe evals that often).

Yep.

Kind regards

    robert