I have the following piece of code, where params[:sort] is a variable whose value is one of m's column.
eval "@movie = @movie.sort_by { |m| m.#{params[:sort]}}"
Basically I want to sort the array @movie according to the column specified. Is there any way to do this without eval?
@movie = @movie.sort_by { |m| m.send(params[:sort])}
You need to sanitize params[:sort] to prevent calling destroy for example.
As told before, you should use send and as you use params (which I assume is Rails), you should probably check if the method exists to avoid a NoMethodError exception and, even better, test against a white list to prevent some user to use it to get data they shouldn't have.
# Just for the example :
valid_sort_methods = Movie.new.attributes.keys - Movie.protected_attributes.to_a
if valid_sort_methods.include? params[:sort]
@movie = @movie.sort_by { |m| m.send params[:sort] }
end
"white".whitelist("black", "white") #=> "white", "blue".whitelist("black", "white") #=> nil.You can use send to call the accessor method. Depending on where params[:sort] has come from and what sanitisation has been applied, this could still be dangerous. You wouldn't want params[:sort] to be destroy for example.
If you only intend to read attributes then the simplest thing is probably to call read_attribute, which is also aliased as [], for example
@movie = @movie.sort_by { |m| m[params[:sort]]}
var = f(var)is pretty dubious, why not create a new variable for the new value?