Wow, I appreciate all of the quick responses!  I asked here because I figured converting a string into active code was more of a Ruby than a Rails thing, but I see how it could have been better put to the Rails lists.

Thanks again!

-Kyle

On Fri, 8 Jun 2007 20:25:53 +0900, dblack / wobblini.net wrote:
> Hi --
> 
> On Fri, 8 Jun 2007, Robert Klemme wrote:
> 
>> On 08.06.2007 02:36, Giles Bowkett wrote:
>>> On 6/7/07, Kyle Rabe <kyle.rabe / massstreetmusic.com> wrote:
>>>> In short, I'm looking for a way to grab a string from a database and use
>>>> it as code in my rails app.  I understand the security implications, but
>>>> it's still what I want to do (and I don't know what other options I
>>>> have!).
>>>
>>> it's pretty easy, but I wouldn't recommend doing it.
>>>
>>> string = "p 'hello world'"
>>> eval(string)
>>
>> To make it safer, he could do some checks to verify the filter is legal,
>> something like
>>
>> def convert(filter)
>>  case filter
>>    when /\A\d+\.{2,3}\d+\z/, /\A[+-]?\d+\z/
>>      eval filter
>>    ...
>>    else
>>      raise "Filter Error: #{filter}"
>>  end
>> end
> 
> Another thought would be to store the ranges as non-code data, in
> their own table -- basically two integers per record -- and then
> construct the range dynamically (but just using regular range syntax,
> without eval) from those values.
> 
> 
> David
> 
> --
> Q. What is THE Ruby book for Rails developers?
> A. RUBY FOR RAILS by David A. Black (http://www.manning.com/black)
>     (See what readers are saying!  http://www.rubypal.com/r4rrevs.pdf)
> Q. Where can I get Ruby/Rails on-site training, consulting, coaching?
> A. Ruby Power and Light, LLC (http://www.rubypal.com)
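
The two suggestions in the quoted thread (check the filter against anchored patterns, and build the range from plain integers instead of code) can be combined so that eval is never called. The following is an added example, not code from any of the messages; the names parse_filter, range_from_columns, rejected? and FilterError are hypothetical, and the sample strings are constructed.

```ruby
# Added example, not from the thread. All names here are hypothetical.
RANGE_RE   = /\A(\d+)(\.{2,3})(\d+)\z/  # the thread's range pattern, with captures added
INTEGER_RE = /\A[+-]?\d+\z/             # the thread's integer pattern

class FilterError < StandardError; end

# Turn a stored filter string into an Integer or a Range without eval.
# \A and \z anchor to the whole string, so a second line after a valid
# range (or even a trailing newline) is rejected.
def parse_filter(filter)
  case filter
  when RANGE_RE
    low, dots, high = $1, $2, $3
    # Base 10 is forced: eval would read "010" as octal 8 and fail on "08".
    Range.new(Integer(low, 10), Integer(high, 10), dots == "...")
  when INTEGER_RE
    Integer(filter, 10)
  else
    raise FilterError, "Filter Error: #{filter.inspect}"
  end
end

# The non-code variant: two integer columns per record, no code string stored.
def range_from_columns(low, high, exclusive = false)
  Range.new(Integer(low), Integer(high), exclusive)
end

# Convenience predicate for checking that an input is refused.
def rejected?(filter)
  parse_filter(filter)
  false
rescue FilterError
  true
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  ["1..5", "1...5", "-42", "010..020", "1..5\nputs 1", "1....5"].each do |s|
    result = rejected?(s) ? "rejected" : parse_filter(s).inspect
    puts "#{s.inspect} => #{result}"
  end
end
```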