> On Behalf Of arnaud stageman
> 
> It would be better :
> def show
>   @room = Room.find(params[:id])
>   @racks_room = Rack.find(:all, :conditions => ["room_id = ?", 
> @room.id])
>   @free_racks = Rack.find(:all, :conditions => ["room_id != ?", 
> @room.id])
> end
> 
> Because you avoid sql injection.

From the docs:

"The array form is to be used when the condition input is 
tainted and requires sanitization"

I wouldn't think of an id derived from another table as been tainted.
Perhaps I'm wrong, but please explain if this is the case. I don't think
you can store malicious code in an NUMERIC column? 
 
> The first solution is better because you execute only one sql request.

I don't buy that without seen benchmark results. Iterating in pure ruby
while creating two new arrays (increasing the size each iteration) is 
hardly faster than executing an SQL statement. (those db guys are realy
speed freaks :))

cheers

Simon