0

I have content column in my Posts table. I insert into Posts table some info in Post model

Post.create({content: "<%= link_to('post', post_path) %> blah blah ... "})

When I want to renter @post.content I receive "<%= link_to('post', post_path) %> blah blah ..." without string executing.

How to render it right?

Improve this question
6
  • 1
    You do what you want off course :) but I have to tell you that storing executable code in your database is not a good idea in the long term Commented Jul 22, 2014 at 23:32
  • As Benjamin said, it's a bad idea, short and long term. Frankly I'm not even sure how you would accomplish this anyways. It might work if you ditched the outer ERB brackets and used eval on the string. However, if your intention is to render something that is specific to only one or a few objects, it would be far better and easier to build this in to the model, or view template itself. Commented Jul 22, 2014 at 23:39
  • @user1538633 why not store string in a text column instead of code? Commented Jul 22, 2014 at 23:42
  • I know that its bad idea. Actually I have to write something like "post analyzer" that would cover @usernames and #hashtags by links. I recognise 2 ways how to do it. First way is executing "post analyzer" each time while user requests posts or second is store analyzed posts. Which way is better or you know third way? thank you all. Commented Jul 23, 2014 at 8:53
  • @user1538633 I can't quote any best practice sources but I would argue that you should process content on request, not on save. That way, you can change the behaviour, or add new functionality to this post analyzer, without worrying about updating the previously analyzed post content. Commented Jul 23, 2014 at 13:44

1 Answer 1

Reset to default
1

So, as said it is a very wrong idea to store code in your database. There is very little exception to that and it's very complicated to implement, bug prone, and present security issues. In short: don't do it.

So you need an alternative design. There is basically 3 situations, pick-up the one that correspond to your application's goal:

A- If your method parameters and output will never change in the future, then you execute your code and store the output in a cached columns (type string or text) of your model before saving. When retrieving this cached output later you can just use it as it

post.cached_output = my_method(...)
post.save
# In the future, in your view:
<%= post.cached_output %>

B- If the parameter of your method will never change in the future but the method output differs according to external elements, then just store that one parameter's value and call the method each time you need its output

post.cached_parameter = 17
post.save
# In the future, in your view:
<%= my_method(params: post.cached_parameter) %>

C- If your method's parameter change over time and your method output also changes overtime, then you don't need to cache anything in your database

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.