PRIMARY KEYS AND IDS 288

To query a column as a boolean value in a condition, you must append a question mark to the column’s name.

# INSTEAD, DO THIS

user = Users.find_by_name("Dave") if user.superuser?

grant_privileges end

This form of attribute accessor looks at the column’s value. It is interpreted as false only if it is the number zero; one of the strings "0", "f", "false", or "" (the empty string); a nil; or the constant false. Otherwise it is interpreted as true.

If you work with legacy schemas or have databases in languages other than English, the definition of truth in the previous paragraph may not hold. In these cases, you can override the built-in definition of the predicate methods. For example, in Dutch, the field might contain J or N (for Ja or Nee). In this case, you could write

class User < ActiveRecord::Base def superuser?

self.superuser == 'J' end

# . . .

end

17.3Primary Keys and IDs

If you’ve been looking at the underlying database tables for the Depot application, you’ll have noticed that each has an integer primary key column named id. By default, a Rails migration adds this when you use the create_table method. This is an Active Record convention.

“But wait!” you cry. “Shouldn’t the primary key of my orders table be the order number or some other meaningful column? Why use an artificial primary key such as id?”

The reason is largely a practical one—the format of external data may change over time. For example, you might think that the ISBN of a book would make a good primary key in a table of books. After all, ISBNs are unique. But as this particular book is being written, the publishing industry in the United States is gearing up for a major change as additional digits are added to all ISBNs.

If we’d used the ISBN as the primary key in a table of books, we’d have to update each row to reflect this change. But then we’d have another problem. There’ll be other tables in the database that reference rows in the books table via the primary key. We can’t change the key in the books table unless we first go through and update all of these references. And that will involve dropping foreign key constraints, updating tables, updating the books table, and finally reestablishing the constraints. All in all, this is something of a pain.

Report erratum

PRIMARY KEYS AND IDS 289

The problems go away if we use our own internal value as a primary key. No third party can come along and arbitrarily tell us to change our schema—we control our own keyspace. And if something such as the ISBN does need to change, it can change without affecting any of the existing relationships in the database. In effect, we’ve decoupled the knitting together of rows from the external representation of data in those rows.

Now there’s nothing to say that we can’t expose the id value to our end users. In the orders table, we could externally call it an order id and print it on all the paperwork. But be careful doing this—at any time some regulator may come along and mandate that order ids must follow an externally imposed format, and you’d be back where you started.

If you’re creating a new schema for a Rails application, you’ll probably want to go with the flow and let it add the id primary key column to all your tables.4 However, if you need to work with an existing schema, Active Record gives you a simple way of overriding the default name of the primary key for a table.

For example, you may be working with an existing legacy schema that uses the ISBN as the primary key for the books table. You specify this in your Active Record model using something like the following.

class Book < ActiveRecord::Base self.primary_key = "isbn"

end

Normally, Active Record takes care of creating new primary key values for records that you create and add to the database—they’ll be ascending integers (possibly with some gaps in the sequence). However, if you override the primary key column’s name, you also take on the responsibility of setting the primary key to a unique value before you save a new row. Perhaps surprisingly, you still set an attribute called id to do this. As far as Active Record is concerned, the primary key attribute is always set using an attribute called id. The primary_key= declaration sets the name of the column to use in the table. In the following code, we use an attribute called id even though the primary key in the database is isbn.

book = BadBook.new book.id = "0-12345-6789"

book.title = "My Great American Novel" book.save

# ...

"title"=>"My Great American Novel"}

4. As we’ll see later, join tables are not included in this advice—they should not have an id column.

Report erratum

CONNECTING TO THE DATABASE 290

Just to make life more confusing, the attributes of the model object have the column names isbn and title—id doesn’t appear. When you need to set the primary key, use id. At all other times, use the actual column name.

Composite Primary Keys

A table that uses multiple columns to identify each row is said to have a composite primary key. Rails does not support these tables, either when creating them using migrations or when trying to use them with Active Record.

However, all is not lost. If you need composite primary keys to make Rails work with a legacy schema, Google for some plugins. Folks are working on them.5

17.4Connecting to the Database

Active Record abstracts the concept of a database connection, relieving the application of dealing with the specifics of working with specific databases. Instead, Active Record applications use generic calls, delegating the details to a set of database-specific adapters. (This abstraction breaks down slightly when code starts to make SQL-based queries, as we’ll see later.)

One way of specifying the connection is to use the establish_connection class method.6 For example, the following call creates a connection to a MySQL database called railsdb on the server dbserver.com using the given user name and password. It will be the default connection used by all model classes.

ActiveRecord::Base.establish_connection(

)

Adapter-Specific Information

Active Record comes with support for the DB2, Firebird, Frontbase, MySQL, Openbase, Oracle, Postgres, SQLite, SQL Server, and Sybase databases (and this list will grow). Each adapter takes a slightly different set of connection parameters, which we’ll list in the following (very boring) sections. As always with Rails, things are changing fast. I recommend you visit the Rails wiki at http://wiki.rubyonrails.org/rails and check out the latest information on database adapters.

5.Such as Nic Williams at http://compositekeys.rubyforge.org/

6.In full-blown Rails applications, there’s another way of specifying connections. We describe it

on page 238.

Report erratum

CONNECTING TO THE DATABASE 291

DB2 Adapter

Requires: Ruby DB2 library. IBM alphaworks recently released a Starter Toolkit for Rails that includes a copy of DB2 Express, its Ruby driver (called IBM DB2), and a Rails adapter. Alternatively, you can use Michael Neumann’s ruby-db2 driver, available as part of the DBI project on RubyForge.7

Connection parameters:

:adapter => "db2", # (or ibm-db2 for the IBM adapter) :database => "railsdb",

:username => "optional", :password => "optional", :schema => "optional"

Firebird Adapter

Requires: the FireRuby library (version 0.4 or greater), installable using

depot> gem install fireruby

Connection parameters:

Frontbase Adapter

Requires: ruby-frontbase (version 1.0 or later), installable using

depot> gem install ruby-frontbase

Connection parameters:

MySQL Adapter

Requires: technically, Rails needs no additional external library to talk to a MySQL database, because it comes with its own Ruby library that connects to a MySQL database. However, this library performs poorly, so we recommend installing the low-level C binding to MySQL.

depot> gem install mysql

7. http://rubyforge.org/projects/ruby-dbi/

Report erratum

CONNECTING TO THE DATABASE 292

The :socket parameter seems to cause a lot of problems. This is a reflection of some poor implementation decisions in MySQL itself. When you build MySQL, you hardwire into it the location of a socket file that clients use to talk with the server. If you’ve used different package management systems to install MySQL over time, you may find that this socket will be configured to be in different locations. If you build your Ruby libraries under one configuration and then reinstall MySQL, those libraries may no longer work, because the socket may have moved. The :socket parameter allows you to override the location built into the Ruby libraries and point to the current location of the socket file.

You can determine the location of the socket file from the command line using the command

depot> mysql_config --socket

Connection parameters:

#Use the following parameters to connect to a MySQL

#server using a secure SSL connection. To use SSL with no

#client certificate, set :sslca to "/dev/null"

Openbase Adapter

Requires: the openbase gem, which can be installed using

depot> gem install openbase

Connection parameters:

:adapter => "openbase", :database => "railsdb", :username => "optional", :password => "optional",

Report erratum

CONNECTING TO THE DATABASE 293

Oracle Adapter

Requires: ruby-oci8, available from RubyForge.8

Connection parameters:

Postgres Adapter

Requires: The ruby-postgres gem, installed using

depot> gem install ruby-postgres

Connection parameters:

SQLite Adapter

Rails can use both SQLite2 and SQLite3 databases: use a connection adapter of sqlite for the former, sqlite3 for the latter. You’ll need the corresponding Ruby interface library.

Connection parameters:

:adapter => "sqlite", # or "sqlite3" :database => "railsdb"

SQL Server Adapter

Requires: Ruby’s DBI library, along with its support for either ADO or ODBC database drivers.9

Connection parameters:

8. http://rubyforge.org/projects/ruby-oci8/

9. http://rubyforge.org/projects/ruby-dbi/

Report erratum

CONNECTING TO THE DATABASE 294

:username => "optional", :password => "optional", :autocommit => true,

Sybase Adapter

Requires: sybase-ctlib library.10

Connection parameters:

:adapter => "sybase", :database => "railsdb",

:username => "optional", :password => "optional", :numconvert => true

If the :numconvert parameter is true (the default), the adapter will not quote values that look like valid integers.

Connections and Models

Connections are associated with model classes. Each class inherits the connection of its parent. Because ActiveRecord::Base is the base class of all the Active Record classes, setting a connection for it sets the default connection for all the Active Record classes you define. However, you can override this when you need to do so.

In the following example, most of our application’s tables are in a MySQL database called online. For historical reasons (are there any other?), the customers table is in the backend database. Because establish_connection is a class method, we can invoke it directly within the definition of class Customer.

ActiveRecord::Base.establish_connection(

class LineItem < ActiveRecord::Base

# ...

end

class Order < ActiveRecord::Base

# ...

end

class Product < ActiveRecord::Base

# ...

end

10. http://raa.ruby-lang.org/project/sybase-ctlib/

Report erratum

CRUD—CREATE, READ, UPDATE, DELETE 295

class Customer < ActiveRecord::Base

establish_connection(

# ...

end

When we wrote the Depot application earlier in this book, we didn’t use the establish_connection method. Instead, we specified the connection parameters inside the file config/database.yml. For most Rails applications this is the preferred way of working. Not only does it keep all connection information out of the code, it also works better with the Rails testing and deployment schemes. All of the parameters listed previously for particular connection adapters can also be used in the YAML file. See Section 14.3, Configuring Database Connections, on page 238 for details.

Finally, you can combine the two approaches. If you pass a symbol to establish_connection, Rails looks for a section in database.yml with that name and bases the connection on the parameters found there. This way you can keep all connection details out of your code.

17.5CRUD—Create, Read, Update, Delete

Active Record makes it easy to implement the four basic database operations: create, read, update, and delete.

In this section we’ll be working with our orders table in a MySQL database. The following examples assume we have a basic Active Record model for this table.

class Order < ActiveRecord::Base end

Creating New Rows

In the object-relational paradigm, tables are represented as classes, and rows in the table correspond to objects of that class. It seems reasonable that we create rows in a table by creating new objects of the appropriate class. We can create new objects representing rows in our orders table by calling Order.new. We can then fill in the values of the attributes (corresponding to columns in the database). Finally, we call the object’s save method to store the order back into the database. Without this call, the order would exist only in our local memory.

Report erratum

CRUD—CREATE, READ, UPDATE, DELETE 296

Download e1/ar/new_examples.rb

an_order = Order.new

Active Record constructors take an optional block. If present, the block is invoked with the newly created order as a parameter. This might be useful if you wanted to create and save away an order without creating a new local variable.

Download e1/ar/new_examples.rb

Order.new do |o|

end

Finally, Active Record constructors accept a hash of attribute values as an optional parameter. Each entry in this hash corresponds to the name and value of an attribute to be set. As we’ll see later in the book, this is useful when storing values from HTML forms into database rows.

Download e1/ar/new_examples.rb

an_order = Order.new(

an_order.save

Note that in all of these examples we did not set the id attribute of the new row. Because we used the Active Record default of an integer column for the primary key, Active Record automatically creates a unique value and sets the id attribute as the row is saved. We can subsequently find this value by querying the attribute.

Download e1/ar/new_examples.rb

an_order = Order.new an_order.name = "Dave Thomas"

# ...

an_order.save

puts "The ID of this order is #{an_order.id}"

The new constructor creates a new Order object in memory; we have to remember to save it to the database at some point. Active Record has a convenience method, create, that both instantiates the model object and stores it into the database.

Report erratum

CRUD—CREATE, READ, UPDATE, DELETE 297

Download e1/ar/new_examples.rb

an_order = Order.create(

You can pass create an array of attribute hashes; it’ll create multiple rows in the database and return an array of the corresponding model objects.

Download e1/ar/new_examples.rb

orders = Order.create(

:pay_type => "po" } ] )

The real reason that new and create take a hash of values is that you can construct model objects directly from form parameters.

order = Order.new(params[:order])

Reading Existing Rows

Reading from a database involves first specifying which particular rows of data you are interested in—you’ll give Active Record some kind of criteria, and it will return objects containing data from the row(s) matching the criteria.

The simplest way of finding a row in a table is by specifying its primary key. Every model class supports the find method, which takes one or more primary key values. If given just one primary key, it returns an object containing data for the corresponding row (or throws a RecordNotFound exception). If given multiple primary key values, find returns an array of the corresponding objects. Note that in this case a RecordNotFound exception is returned if any of the ids cannot be found (so if the method returns without raising an error, the length of the resulting array will be equal to the number of ids passed as parameters).

#Get a list of product ids from a form, then

#sum the total price

product_list = params[:product_ids]

total = Product.find(product_list).sum(&:price)

Report erratum

CRUD—CREATE, READ, UPDATE, DELETE 298

David Says. . .

To Raise, or Not to Raise?

When you use a finder driven by primary keys, you’re looking for a particular record. You expect it to exist. A call to Person.find(5) is based on our knowledge of the person table. We want the row with an id of 5. If this call is unsuccessful—if the record with the id of 5 has been destroyed—we’re in an exceptional situation. This mandates the raising of an exception, so Rails raises RecordNotFound.

On the other hand, finders that use criteria to search are looking for a match. So, Person.find(:first, :conditions=>"name=’Dave’") is the equivalent of telling the database (as a black box), “Give me the first person row that has the name Dave.” This exhibits a distinctly different approach to retrieval; we’re not certain up front that we’ll get a result. It’s entirely possible the result set may be empty. Thus, returning nil in the case of finders that search for one row and an empty array for finders that search for many rows is the natural, nonexceptional response.

Often, though, you need to read in rows based on criteria other than their primary key value. Active Record provides a range of options for performing these queries. We’ll start by looking at the low-level find method and later move on to higher-level dynamic finders.

So far we’ve just scratched the surface of find, using it to return one or more rows based on ids that we pass in as a parameter. However, find has something of a split personality. If you pass in one of the symbols :first or :all as the first parameter, humble old find blossoms into a powerful searching machine.

The :first variant of find returns the first row that matches a set of criteria, while the :all form returns an array of matching rows. Both of these forms take a set of keyword parameters that control what they do. But before we look at these, we need to spend a page or two explaining how Active Record handles SQL.

SQL and Active Record

To illustrate how Active Record works with SQL, let’s look at the :conditions parameter of the find(:all, :conditions =>...) method call. This :conditions parameter determines which rows are returned by the find; it corresponds to an SQL where clause. For example, to return a list of all orders for Dave with a payment type of “po,” you could use

pos = Order.find(:all,

:conditions => "name = 'Dave' and pay_type = 'po'")

Report erratum

CRUD—CREATE, READ, UPDATE, DELETE 299

The result will be an array of all the matching rows, each neatly wrapped in an Order object. If no orders match the criteria, the array will be empty.

That’s fine if your condition is predefined, but how do you handle the situation where the name of the customer is set externally (perhaps coming from a web form)? One way is to substitute the value of that variable into the condition string.

#get the limit amount from the form name = params[:name]

#DON'T DO THIS!!!

pos = Order.find(:all,

:conditions => "name = '#{name}' and pay_type = 'po'")

As the comment suggests, this really isn’t a good idea. Why? It leaves your database wide open to something called an SQL injection attack, which we describe in more detail in Chapter 26, Securing Your Rails Application, on page 599. For now, take it as a given that substituting a string from an external source into an SQL statement is effectively the same as publishing your entire database to the whole online world.

Instead, the safe way to generate dynamic SQL is to let Active Record handle it. Wherever you can pass in a string containing SQL, you can also pass in an array or a hash. Doing this allows Active Record to create properly escaped SQL, which is immune from SQL injection attacks. Let’s see how this works.

If you pass an array when Active Record is expecting SQL, it treats the first element of that array as a template for the SQL to generate. Within this SQL you can embed placeholders, which will be replaced at runtime by the values in the rest of the array.

One way of specifying placeholders is to insert one or more question marks in the SQL. The first question mark is replaced by the second element of the array, the next question mark by the third, and so on. For example, we could rewrite the previous query as

name = params[:name] pos = Order.find(:all,

:conditions => ["name = ? and pay_type = 'po'", name])

You can also use named placeholders. Each placeholder is of the form :name, and the corresponding values are supplied as a hash, where the keys correspond to the names in the query.

pos = Order.find(:all,

:conditions => ["name = :name and pay_type = :pay_type", {:pay_type => pay_type, :name => name}])

Report erratum

CRUD—CREATE, READ, UPDATE, DELETE 300

You can take this a step further. Because params is effectively a hash, you can simply pass it all to the condition. If we have a form that can be used to enter search criteria, we can use the hash of values returned from that form directly.

pos = Order.find(:all,

:conditions => ["name = :name and pay_type = :pay_type", params[:order]])

As of Rails 1.2, you can take this even further. If you pass just a hash as the condition, Rails generates a where clause where the hash keys are used as column names and the hash values the values to match. Thus, we could have written the previous code even more succinctly.

pos = Order.find(:all, :conditions => params[:order])

(Be careful with this latter form of condition: it takes all the key/value pairs in the hash you pass in when constructing the condition.)

Regardless of which form of placeholder you use, Active Record takes great care to quote and escape the values being substituted into the SQL. Use these forms of dynamic SQL, and Active Record will keep you safe from injection attacks.

Using Like Clauses

You might be tempted to do something like the following to use parameterized like clauses in conditions:

# Doesn't work

User.find(:all, :conditions => ["name like '?%'", params[:name]])

Rails doesn’t parse the SQL inside a condition and so doesn’t know that the name is being substituted into a string. As a result, it will go ahead and add extra quotes around the value of the name parameter. The correct way to do this is to construct the full parameter to the like clause and pass that parameter into the condition.

# Works

User.find(:all, :conditions => ["name like ?", params[:name]+"%" ])

Power find()

Now that we know how to specify conditions, let’s turn our attention to the various options supported by find(:first, ...) and find(:all, ...).

It’s important to understand that find(:first, ...) generates an identical SQL query to doing find(:all, ...) with the same conditions, except that the result set is limited to a single row. We’ll describe the parameters for both methods in one place and illustrate them using find(:all, ...). We’ll call find with a first parameter of :first or :all the finder method.

Report erratum

CRUD—CREATE, READ, UPDATE, DELETE 301

With no extra parameters, the finder effectively executes a select from... statement. The :all form returns all rows from the table, and :first returns one. The order is not guaranteed (so Order.find(:first) will not necessarily return the first order created by your application).

:conditions

As we saw in the previous section, the :conditions parameter lets you specify the condition passed to the SQL where clause used by the find method. This condition can be a string containing SQL, an array containing SQL and substitution values, or a hash. (From now on we won’t mention this explicitly—whenever we talk about an SQL parameter, assume the method can accept either an array or a string.)

daves_orders = Order.find(:all, :conditions => "name = 'Dave'")

name = params[:name]

other_orders = Order.find(:all, :conditions => ["name = ?", name])

yet_more = Order.find(:all,

:conditions => ["name = :name and pay_type = :pay_type", params[:order]])

still_more = Order.find(:all, :conditions => :params[:order])

:order

SQL doesn’t guarantee that rows will be returned in any particular order unless you explicitly add an order by clause to the query. The :order parameter lets you specify the criteria you’d normally add after the order by keywords. For example, the following query would return all of Dave’s orders, sorted first by payment type and then by shipping date (the latter in descending order).

orders = Order.find(:all,

:conditions => "name = 'Dave'",

:limit

You can limit the number of rows returned by find(:all, ...) with the :limit parameter. If you use the limit parameter, you’ll probably also want to specify the sort order to ensure consistent results. For example, the following returns the first 10 matching orders.

Report erratum

CRUD—CREATE, READ, UPDATE, DELETE 302

:offset

The :offset parameter goes hand in hand with the :limit parameter. It allows you to specify the offset of the first row in the result set that will be returned by

find.

#The view wants to display orders grouped into pages,

#where each page shows page_size orders at a time.

#This method returns the orders on page page_num (starting

#at zero).

def Order.find_on_page(page_num, page_size) find(:all,

:order => "id", :limit => page_size,

:offset => page_num*page_size)

end

You can use :offset in conjunction with :limit to step through the results of a query n rows at a time.

:joins

The :joins parameter to the finder method lets you specify a list of additional tables to be joined to the default table. This parameter is inserted into the SQL immediately after the name of the model’s table and before any conditions specified by the first parameter. The join syntax is database-specific. The following code returns a list of all line items for the book called Programming Ruby.

LineItem.find(:all,

:conditions => "pr.title = 'Programming Ruby'",

As we’ll see in Chapter 18, Active Record: Relationships between Tables, on page 323, you probably won’t use the :joins parameter of find very much—Active Record handles most of the common intertable joins for you.

:select

By default, find fetches all the columns from the underlying database table—it issues a select * from... to the database. Override this with the :select option, which takes a string which will appear in place of the * in the select statement.

This option allows you to limit the values returned in cases where you need only a subset of the data in a table. For example, your table of podcasts might contain information on the title, speaker, and date and might also contain a large blob containing the MP3 of the talk. If you just wanted to create a list of talks, it would be inefficient to also load up the sound data for each row. The :select option lets you choose which columns to load.

list = Talks.find(:all, :select => "title, speaker, recorded_on")

Report erratum

CRUD—CREATE, READ, UPDATE, DELETE 303

The :select option also allows you to include columns from other tables. In these so-called piggyback queries, your application can save itself the need to perform multiple queries between parent and child tables. For example, a blog table might contain a foreign key reference to a table containing author information. If you wanted to list the blog entry titles and authors, you might code something like the following. (This code, however, is incredibly bad Rails code for a number of reasons. Please wipe it from your mind once you turn the page.)

entries = Blog.find(:all) entries.each do |entry|

author = Authors.find(entry.author_id)

puts "Title: #{entry.title} by: #{author.name}" end

An alternative is to join the blogs and authors tables and to have the question include the author name in the result set.

entries = Blog.find(:all,

:joins => "as b inner join authors as a on b.author_id = a.id") :select => "*, a.name")

(Even better might be to use the :include option when you specify the relationship between the model classes, but we haven’t talked about that yet.)

:readonly

If :readonly is set to true, Active Record objects returned by find cannot be stored back into the database.

If you use the :joins or :select options, objects will automatically be marked

:readonly.

:from

The :from option lets you override the table name inserted into the select clause.

:group

The :group option adds a group by clause to the SQL generated by find.

summary = LineItem.find(:all,

:select => "sku, sum(amount) as amount"

:group => "sku")

:lock

The :lock option takes either a string or the constant true. If you pass it a string, it should be an SQL fragment in your database’s syntax that specifies a kind of lock. With MySQL, for example, a share mode lock gives us the latest data

Report erratum

CRUD—CREATE, READ, UPDATE, DELETE 304

in a row and guarantees that no one else can alter that row while we hold the lock. We could write code that debits an account only if there are sufficient funds using something like the following.

Account.transaction do

ac = Account.find(id, :lock => "LOCK IN SHARE MODE") ac.balance -= amount if ac.balance > amount

ac.save end

If you give :lock a value of true, the database’s default exclusive lock is obtained (normally this will be "for update"). You can often eliminate the need for this kind of locking using transactions (discussed starting on page 383) and optimistic locking (which starts on page 389).

There’s one additional parameter, :include, that kicks in only if you have associations defined. We’ll talk about it starting on page 360.

Finding Just One Row

The find(:all, ...) method returns an array of model objects. If instead you want just one object returned, use find(:first, ...). This takes the same parameters as the :all form, but the :limit parameter is forced to the value 1, so only one row will be returned.

Download e1/ar/find_examples.rb

#return an arbitrary order order = Order.find(:first)

#return an order for Dave

order = Order.find(:first, :conditions => "name = 'Dave Thomas'")

# return the latest order for Dave order = Order.find(:first,

If the criteria given to find(:first, ...) result in multiple rows being selected from the table, the first of these is returned. If no rows are selected, nil is returned.

Writing Your Own SQL

The find method constructs the full SQL query string for you. The method find_by_sql lets your application take full control. It accepts a single parameter containing an SQL select statement (or an array containing SQL and placeholder values, as for find) and returns a (potentially empty) array of model objects from the result set. The attributes in these models will be set from the

Report erratum

CRUD—CREATE, READ, UPDATE, DELETE 305

columns returned by the query. You’d normally use the select * form to return all columns for a table, but this isn’t required.11

Only those attributes returned by a query will be available in the resulting model objects. You can determine the attributes available in a model object using the attributes, attribute_names, and attribute_present? methods. The first returns a hash of attribute name/value pairs, the second an array of names, and the third returns true if a named attribute is available in this model object.

Download e1/ar/find_examples.rb

orders = Order.find_by_sql("select name, pay_type from orders")

first = orders[0]

pfirst.attributes

pfirst.attribute_names

pfirst.attribute_present?("address")

This code produces

{"name"=>"Dave Thomas", "pay_type"=>"check" } ["name", "pay_type"]

false

find_by_sql can also be used to create model objects containing derived column data. If you use the as xxx SQL syntax to give derived columns a name in the result set, this name will be used as the name of the attribute.

puts "#{li.title}: #{li.quantity}x#{li.unit_price} => #{li.total_price}"

As with conditions, you can also pass an array to find_by_sql, where the first element is a string containing placeholders. The rest of the array can be either a hash or a list of values to be substituted.

Order.find_by_sql(["select * from orders where amount > ?", params[:amount]])

11. But if you fail to fetch the primary key column in your query, you won’t be able to write updated data from the model back into the database. See Section 17.7, The Case of the Missing ID, on page 321.

Report erratum

CRUD—CREATE, READ, UPDATE, DELETE 306

David Says. . .

But Isn’t SQL Dirty?

Ever since developers first wrapped relational databases with an objectoriented layer, they’ve debated the question of how deep to run the abstraction. Some object-relational mappers seek to eliminate the use of SQL entirely, hoping for object-oriented purity by forcing all queries through an OO layer.

Active Record does not. It was built on the notion that SQL is neither dirty nor bad, just verbose in the trivial cases. The focus is on removing the need to deal with the verbosity in those trivial cases (writing a 10-attribute insert by hand will leave any programmer tired) but keeping the expressiveness around for the hard queries—the type SQL was created to deal with elegantly.

Therefore, you shouldn’t feel guilty when you use find_by_sql to handle either performance bottlenecks or hard queries. Start out using the object-oriented interface for productivity and pleasure, and then dip beneath the surface for a close-to-the-metal experience when you need to do so.

In the old days of Rails, people frequently resorted to using find_by_sql. Since then, all the options added to the basic find method mean that you can avoid resorting to this low-level method.

Getting Column Statistics

Rails 1.1 adds the ability to perform statistics on the values in a column. For example, given a table of orders, we can calculate

average = Order.average(:amount) # average amount of orders

These all correspond to aggregate functions in the underlying database, but they work in a database-independent manner. If you want to access databasespecific functions, you can use the more general-purpose calculate method. For example, the MySQL std function returns the population standard deviation of an expression. We can apply this to our amount column.

std_dev = Order.calculate(:std, :amount)

All the aggregation functions take a hash of options, very similar to the hash that can be passed to find. (The count function is anomalous—we’ll look at it separately.)

Report erratum

CRUD—CREATE, READ, UPDATE, DELETE 307

:conditions

Limits the function to the matched rows. Conditions can be specified in the same format as for the find method.

:joins

Specifies joins to additional tables.

:limit

Restricts the result set to the given number of rows. Useful only when grouping results (which we’ll talk about shortly).

:order

Orders the result set (useful only with :group).

:having

Specifies the SQL HAVING ... clause.

:select

Nominates a column to be used in the aggregation (but this can simply be specified as the first parameter to the aggregation functions).

:distinct (for count only)

Counts only distinct values in the column.

These options may be combined.

Order.minimum :amount

Order.minimum :amount, :conditions => "amount > 20"

These functions aggregate values. By default, they return a single result, producing, for example, the minimum order amount for orders meeting some condition. However, if you include the :group clause, the functions instead produce a series of results, one result for each set of records where the grouping expression has the same value. For example, the following calculates the maximum sale amount for each state.

result = Order.maximum :amount, :group => "state" puts result #=> [["TX", 12345], ["NC", 3456], ...]

This code returns an ordered hash. You index it using the grouping element ("TX", "NC", ... in our example). You can also iterate over the entries in order using each. The value of each entry is the value of the aggregation function.

The :order and :limit parameters come into their own when using groups. For example, the following returns the three states with the highest orders, sorted by the order amount.

result = Order.maximum :amount,

:group => "state", :limit => 3,

:order => "max(amount) desc"

Report erratum

CRUD—CREATE, READ, UPDATE, DELETE 308

This code is no longer database independent—in order to sort on the aggregated column, we had to use the MySQL syntax for the aggregation function (max, in this case).

Counting

We said that counting rows is treated somewhat differently. For historical reasons, there are several forms of the count function—it takes zero, one, or two parameters.

With no parameters, it returns the number of rows in the underlying table.

order_count = Order.count

If called with one or two parameters, Rails first determines whether either is a hash. If not, it treats the first parameter as a condition to determine which rows are counted.

result = Order.count "amount > 10"

result1 = Order.count ["amount > ?", minimum_purchase]

With two nonhash parameters, the second is treated as join conditions (just like the :join parameter to find).

result = Order.count "amount > 10 and line_items.name like 'rails%'", "left join line_items on order_id = orders.id"

However, if count is passed a hash as a parameter, that hash is interpreted just like the hash argument to the other aggregation functions.

Order.count :conditions => "amount > 10", :group => "state"

You can optionally pass a column name before the hash parameter. This column name is passed to the database’s count function so that only rows with a non-NULL value in that column will be counted.

Finally, Active Record defines the method count_by_sql that returns a single number generated by an SQL statement (that statement will normally be a select count(*) from...).

As with find_by_sql, count_by_sql is falling into disuse as the basic count function becomes more sophisticated.

Dynamic Finders

Probably the most common search performed on databases is to return the row or rows where a column matches a given value. A query might be return all

Report erratum

CRUD—CREATE, READ, UPDATE, DELETE 309

the orders for Dave, or get all the blog postings with a subject of “Rails Rocks.”

In many other languages and frameworks, you’d construct SQL queries to perform these searches. Active Record uses Ruby’s dynamic power to do this for you.

For example, our Order model has attributes such as name, email, and address. We can use these names in finder methods to return rows where the corresponding columns match some value.

Download e1/ar/find_examples.rb

order = Order.find_by_name("Dave Thomas") orders = Order.find_all_by_name("Dave Thomas")

order = Order.find_all_by_email(params['email' ])

If you invoke a model’s class method where the method name starts find_by_ or find_all_by_, Active Record converts it to a finder, using the rest of the method’s name to determine the column to be checked. Thus the call to

order = Order.find_by_name("Dave Thomas", other args...)

is (effectively) converted by Active Record into

order = Order.find(:first,

:conditions => ["name = ?", "Dave Thomas"], other_args...)

Similarly, calls to find_all_by_xxx are converted into matching find(:all, ...) calls.

The magic doesn’t stop there. Active Record will also create finders that search on multiple columns. For example, you could write

user = User.find_by_name_and_password(name, pw)

This is equivalent to

user = User.find(:first,

:conditions => ["name = ? and password = ?", name, pw])

To determine the names of the columns to check, Active Record simply splits the name that follows the find_by_ or find_all_by_ around the string _and_. This is good enough most of the time but breaks down if you ever have a column name such as tax_and_shipping. In these cases, you’ll have to use conventional finder methods.

Dynamic finders accept an optional hash of finder parameters, just like those that can be passed to the conventional find method. If you specify :conditions in this hash, these conditions are added to the underlying dynamic finder condition.

five_texan_daves = User.find_all_by_name('dave' , :limit => 5,

:conditions => "state = 'TX'")

Report erratum

CRUD—CREATE, READ, UPDATE, DELETE 310

There are times when you want to ensure you always have a model object to work with. If there isn’t one in the database, you want to create one. Dynamic finders can handle this. Calling a method whose name starts find_or_initialize_by_ or find_or_create_by_ will call either new or create on the model class if the finder would otherwise return nil. The new model object will be initialized so that its attributes corresponding to the finder criteria have the values passed to the finder method, and it will have been saved to the database if the create variant is used.

cart = Cart.find_or_initialize_by_user_id(user.id) cart.items << new_item

cart.save

And, no, there isn’t a find_by_ form that lets you use _or_ rather than _and_ between column names.

Reloading Data

In an application where the database is potentially being accessed by multiple processes (or by multiple applications), there’s always the possibility that a fetched model object has become stale—someone may have written a more recent copy to the database.

To some extent, this issue is addressed by transactional support (which we describe on page 383). However, there’ll still be times where you need to refresh a model object manually. Active Record makes this easy—simply call its reload method, and the object’s attributes will be refreshed from the database.

stock = Market.find_by_ticker("RUBY") loop do

puts "Price = #{stock.price}" sleep 60

stock.reload end

In practice, reload is rarely used outside the context of unit tests.

Updating Existing Rows

After such a long discussion of finder methods, you’ll be pleased to know that there’s not much to say about updating records with Active Record.

If you have an Active Record object (perhaps representing a row from our orders table), you can write it to the database by calling its save method. If this object had previously been read from the database, this save will update the existing row; otherwise, the save will insert a new row.

If an existing row is updated, Active Record will use its primary key column to match it with the in-memory object. The attributes contained in the Active Record object determine the columns that will be updated—a column will be

Report erratum

CRUD—CREATE, READ, UPDATE, DELETE 311

updated in the database even if its value has not changed. In the following example, all the values in the row for order 123 will be updated in the database table.

order = Order.find(123) order.name = "Fred" order.save

However, in the following example the Active Record object contains just the attributes id, name, and paytype—only these columns will be updated when the object is saved. (Note that you have to include the id column if you intend to save a row fetched using find_by_sql.)

orders = Order.find_by_sql("select id, name, pay_type from orders where id=123") first = orders[0]

first.name = "Wilma" first.save

In addition to the save method, Active Record lets you change the values of attributes and save a model object in a single call to update_attribute.

order = Order.find(123) order.update_attribute(:name, "Barney")

order = Order.find(321) order.update_attributes(:name => "Barney",

:email => "barney@bedrock.com")

The update_attributes method is most commonly used in controller actions where it merges data from a form into an existing database row.

def save_after_edit

order = Order.find(params[:id])

if order.update_attributes(params[:order]) redirect_to :action => :index

else

render :action => :edit end

end

We can combine the functions of reading a row and updating it using the class methods update and update_all. The update method takes an id parameter and a set of attributes. It fetches the corresponding row, updates the given attributes, saves the result to the database, and returns the model object.

order = Order.update(12, :name => "Barney", :email => "barney@bedrock.com" )

You can pass update an array of ids and an array of attribute value hashes, and it will update all the corresponding rows in the database, returning an array of model objects.

Report erratum

CRUD—CREATE, READ, UPDATE, DELETE 312

Finally, the update_all class method allows you to specify the set and where clauses of the SQL update statement. For example, the following increases the prices of all products with Java in their title by 10%.

result = Product.update_all("price = 1.1*price", "title like '%Java%'")

The return value of update_all depends on the database adapter; most (but not Oracle) return the number of rows that were changed in the database.

save, save!, create, and create!

It turns out that there are two versions of the save and create methods. The variants differ in the way they report errors.

•save returns true if the record was saved; nil otherwise.

•save! returns true if the save was successful; raises an exception otherwise.

•create returns the Active Record object regardless of whether it was successfully saved. You’ll need to check the object for validation errors if you want to determine whether the data was written.

•create! returns the Active Record object on success; raises an exception otherwise.

Let’s look at this in a bit more detail.

Plain old save returns true if the model object is valid and can be saved.

if order.save

#all OK

else

#validation failed

end

It’s up to you to check on each call to save that it did what you expected. The reason Active Record is so lenient is that it assumes that save is called in the context of a controller’s action method and that the view code will be presenting any errors back to the end user. And for many applications, that’s the case.

However, if you need to save a model object in a context where you want to make sure that all errors are handled programmatically, you should use save!. This method raises a RecordInvalid exception if the object could not be saved.

begin order.save!

rescue RecordInvalid => error

# validation failed end

Report erratum