mayfer · May 13, 2015 18:40
diff --git a/orm.rb b/orm.rb
 require 'pg'

 CONN = PG::Connection.new({
    host: 'localhost',
    user: 'murat',
    password: '',
    dbname: 'lighthouse_2015_05'
 })



 class Orm

    def initialize(attributes)

        attributes.each do |key, value|
            instance_key = "@#{key}"

            # set the value of the instance var
            instance_variable_set(instance_key, value)

            # generate getter & setter
            self.class.__send__(:attr_accessor, key)
        end
    end

    def get_attributes
        vars = []
        instance_variables.each do |item|
            if item != :@id
                vars << item[1..-1]
            end
        end
        vars
    end

    def get_key_value_strings
        get_attributes.map do |key|
            value = instance_variable_get("@#{key}")
            "#{key} = '#{value}'"
        end
    end

    def self.table_name
        "#{self.to_s.downcase}s"
    end

    def save
        if @id
            key_value_list = get_key_value_strings.join(", ")
            @id = @id.to_i
            sql = "UPDATE #{self.class.table_name} SET #{key_value_list} WHERE id=#{@id}"
            puts sql
            CONN.exec(sql)

        else
            puts "creating"
        end

    end

    def self.find(id)
        results = CONN.exec_params("SELECT * FROM #{self.table_name} WHERE id=$1", [id])
        if results.ntuples > 0
            attributes = results[0]
        else
            return nil
        end

        self.new(attributes)
    end

    def destroy
    end

    def test
        @table
    end
 end

 class Contact < Orm
 end

 class Message < Orm
 end

 contact = Contact.find(1)

 # SQL Injection!!! careful.
 contact.name = "Tarum'; DROP TABLE contacts; -- "
 contact.save
	require 'pg'

	CONN = PG::Connection.new({
	host: 'localhost',
	user: 'murat',
	password: '',
	dbname: 'lighthouse_2015_05'
	})



	class Orm

	def initialize(attributes)

	attributes.each do \|key, value\|
	instance_key = "@#{key}"

	# set the value of the instance var
	instance_variable_set(instance_key, value)

	# generate getter & setter
	self.class.__send__(:attr_accessor, key)
	end
	end

	def get_attributes
	vars = []
	instance_variables.each do \|item\|
	if item != :@id
	vars << item[1..-1]
	end
	end
	vars
	end

	def get_key_value_strings
	get_attributes.map do \|key\|
	value = instance_variable_get("@#{key}")
	"#{key} = '#{value}'"
	end
	end

	def self.table_name
	"#{self.to_s.downcase}s"
	end

	def save
	if @id
	key_value_list = get_key_value_strings.join(", ")
	@id = @id.to_i
	sql = "UPDATE #{self.class.table_name} SET #{key_value_list} WHERE id=#{@id}"
	puts sql
	CONN.exec(sql)

	else
	puts "creating"
	end

	end

	def self.find(id)
	results = CONN.exec_params("SELECT * FROM #{self.table_name} WHERE id=$1", [id])
	if results.ntuples > 0
	attributes = results[0]
	else
	return nil
	end

	self.new(attributes)
	end

	def destroy
	end

	def test
	@table
	end
	end

	class Contact < Orm
	end

	class Message < Orm
	end

	contact = Contact.find(1)

	# SQL Injection!!! careful.
	contact.name = "Tarum'; DROP TABLE contacts; -- "
	contact.save