Rails SQL injection?

长发绾君心 2020-12-05 02:42

In Rails, when I want to find by a user given value and avoid SQL injection (escape apostrophes and the like) I can do something like this:

Post.all(:conditi         


        
3 Answers
  • 2020-12-05 02:52

    Yes, it does. Only the second one is dangerous.

  • 2020-12-05 02:57

    +1 @fphilipe and @yuval. Check this 5 min video from Railscasts and this one from the Rails guide.

  • 2020-12-05 03:00

    One good reference from the RoR Guides.
