RailsCasts Pro episodes are now free!

Learn more or hide this

Noah Hendrix's Profile

This user is a moderator.

GitHub User: noahhendrix

Site: http://noahhendrix.com

Comments by Noah Hendrix


You might want to look into Ernie Miller's Ransack gem https://github.com/ernie/ransack


The method you describe is more susceptible to SQL injection, in my opinion. It's better to compare in the code instead of letting the DB do the authenticating. This also benefits from separation of concerns, the DB is responsible for storing and retrieving data not authenticating a user.