sql - rails active record nuances and protecting against injection attacks
When I do a query ...
Is there a significant difference between using a helper or not:
Booking.find_all_by_user_id(1, :joins => :confirmation)
Booking.find(:all, :joins => :confirmation, :conditions => ['bookings.user_id = ?', 1])
No. About the injection attacks, the find_by method should be safe. However, the sole killer mistake is using user input directly inside the conditions while using the find method, such as:
Booking.find(:all, :joins => :confirmation, :conditions => ["bookings.user_id = #{params[:user_id]}"])
The right way is exactly the way you have done it, and the find method will filter things out:
Booking.find(:all, :joins => :confirmation, :conditions => ['bookings.user_id = ?', params[:user_id]])
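
A small check for the mistake described in the answer, as an added example that is not part of the original post: it scans Ruby source for finder calls whose `:conditions` SQL string is built with `#{...}` interpolation. The function name, the regex and the sample lines are constructed for illustration.

```ruby
# Added example (not from the original post): flag finder calls whose
# :conditions SQL string is built with Ruby string interpolation.

# Matches ":conditions =>" or "conditions:" followed by an optional "[" and
# a double-quoted string that contains an interpolation opener.
INTERPOLATED_CONDITIONS = /
  (?::conditions\s*=>|\bconditions:)\s*   # either hash syntax
  \[?\s*                                  # optional array form
  "(?:[^"\\]|\\.)*?\#\{                   # first string, up to an interpolation
/x

# Returns [[line_number, stripped_line], ...] for every risky line.
def interpolated_conditions(source)
  source.each_line.with_index(1).filter_map do |line, number|
    next if line.lstrip.start_with?("#")   # skip comment lines
    [number, line.strip] if line.match?(INTERPOLATED_CONDITIONS)
  end
end

# Constructed sample input, modelled on the calls discussed above.
# The last line interpolates only a bound value, so it is not flagged.
SAMPLE = <<~'RUBY'
  Booking.find_all_by_user_id(params[:user_id], :joins => :confirmation)
  Booking.find(:all, :conditions => ["bookings.user_id = #{params[:user_id]}"])
  Booking.find(:all, :conditions => ['bookings.user_id = ?', params[:user_id]])
  Booking.find(:all, conditions: "bookings.user_id = #{params[:user_id]}")
  # Booking.find(:all, :conditions => ["bookings.user_id = #{id}"])
  Booking.find(:all, :conditions => ["bookings.note = ?", "#{prefix}%"])
RUBY

if __FILE__ == $PROGRAM_NAME
  interpolated_conditions(SAMPLE).each { |n, text| puts "line #{n}: #{text}" }
end
```

A regex pass like this misses SQL strings assembled on an earlier line or with `+`, so treat it as a first filter during review.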