sql - rails active record nuances and protecting against injection attacks


When I do a query ...

Is there any significant difference between using the helper or not?

  Booking.find_all_by_user_id(1, :joins => :confirmation)

  Booking.find(:all, :joins => :confirmation, :conditions => ['bookings.user_id = ?', 1])

No. As for injection attacks, the find_by method should be safe. The only killer mistake is using user input directly inside your conditions when using the find method, such as:

  Booking.find(:all, :joins => :confirmation, :conditions => ["bookings.user_id = #{params[:user_id]}"])

The way you have done it is exactly right, and the find method will filter things out:

  Booking.find(:all, :joins => :confirmation, :conditions => ['bookings.user_id = ?', params[:user_id]])
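The difference between the two forms in the answer above, as an added example that is not part of the original post: a simplified stand-in for the way an array condition has its ? placeholders filled with quoted values. It is not ActiveRecord's own code; quote_value, bind_conditions, interpolated_where and placeholder_where are hypothetical names, and the inputs are constructed.

```ruby
# Simplified stand-in for placeholder binding in array conditions.
# NOT ActiveRecord's implementation; all method names are hypothetical.

# Turn one bound value into a SQL literal.
def quote_value(value)
  case value
  when nil            then 'NULL'
  when Integer, Float then value.to_s
  else "'" + value.to_s.gsub("'", "''") + "'" # double embedded quotes
  end
end

# Expand ['template with ?', v1, v2, ...] into a WHERE fragment.
def bind_conditions(conditions)
  template, *values = conditions
  expected = template.count('?')
  unless expected == values.size
    raise ArgumentError,
          "wrong number of bind variables (#{values.size} for #{expected})"
  end
  binds = values.dup
  template.gsub('?') { quote_value(binds.shift) }
end

# Vulnerable form: the input is already part of the SQL text before any
# binding happens, so there is nothing left to quote.
def interpolated_where(user_id)
  bind_conditions(["bookings.user_id = #{user_id}"])
end

# Safe form: the input travels as a bind value and is quoted as data.
def placeholder_where(user_id)
  bind_conditions(['bookings.user_id = ?', user_id])
end

# Constructed inputs standing in for params[:user_id].
[1, '1 OR 1=1', "x' OR '1'='1"].each do |input|
  puts "input:        #{input.inspect}"
  puts "interpolated: #{interpolated_where(input)}"
  puts "placeholder:  #{placeholder_where(input)}"
end
```

With the interpolated form the second input changes the structure of the WHERE clause; with the placeholder form it stays a single string literal.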
