I just don't have the time right now to try this. Just wanted to see if there was any documentation on the subject because I couldn't find anything that would tell me otherwise. But thanks for your help guys :)
On Friday, 12 April 2013 15:49:42 UTC+2, Julian wrote:
>
> AFAIK, using the array syntax, or the syntax you used in the where IS NOT
> vulnerable to injection attacks. This matches up with my experience.
>
> You can try this out yourself to verify.
>
> Julian
>
> On 12/04/2013, at 9:22 PM, and...@benjamin.dk wrote:
>
> Hi guys,
>
> I just came through an example on code of the place I work for that said
> something like this could be vulnerable to SQL injection attacks:
>
> scope :with_name, lambda { |name| where("LOWER(name) LIKE ?", name.downcase) }
>
> I wonder if this is true. My thought is that Rails should escape this and
> that anything that tried to do something different would fail on the
> translation to SQL, but does anybody know exactly what happens behind the
> curtains?
>
> All the best,
>
> Andre
>
> --
> You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-ta...@googlegroups.com.
> To post to this group, send email to rubyonra...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/sUZMdFuzGT0J.
> For more options, visit https://groups.google.com/groups/opt_out.
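What the `?` binding actually does with the value, as an added Ruby example that is not from the thread or from Rails itself: a minimal stand-in for ActiveRecord's placeholder quoting (modelled on `sanitize_sql_array`, with the single-quote doubling most adapters use) and for the wildcard escaping of `sanitize_sql_like`, since a bound value becomes a safe string literal but `%` and `_` inside it are still live LIKE wildcards. The `users` table and the helper names are assumptions for the demo.

```ruby
# Minimal re-implementation of `?` placeholder binding, so the quoting can be
# inspected offline without Rails. Real ActiveRecord delegates to the database
# adapter's quoting; this mimics the common single-quote doubling.
def quote_value(value)
  case value
  when NilClass then 'NULL'
  when Numeric  then value.to_s
  when TrueClass, FalseClass then value ? 'TRUE' : 'FALSE'
  else "'#{value.to_s.gsub("'", "''")}'"   # the whole value stays one literal
  end
end

# Substitute each `?` left to right in a single pass, so text inside an
# inserted value is never rescanned for further placeholders.
def bind_placeholders(sql, *values)
  unless sql.count('?') == values.size
    raise ArgumentError, 'wrong number of bind variables'
  end
  vals = values.dup
  sql.gsub('?') { quote_value(vals.shift) }
end

# Mirrors sanitize_sql_like: the placeholder makes the value a literal, but
# LIKE still interprets % and _ inside that literal unless they are escaped.
def escape_like(str, escape_char = '\\')
  pattern = Regexp.union(escape_char, '%', '_')
  str.gsub(pattern) { |m| escape_char + m }
end

# The scope from the thread, as it reaches the database (constructed query).
def with_name_sql(name)
  bind_placeholders('SELECT * FROM users WHERE LOWER(name) LIKE ?', name.downcase)
end

# Same scope with a contains-match where the user's own wildcards are neutralised.
def with_name_contains_sql(name)
  pattern = "%#{escape_like(name.downcase)}%"
  bind_placeholders('SELECT * FROM users WHERE LOWER(name) LIKE ?', pattern)
end

if __FILE__ == $PROGRAM_NAME
  puts with_name_sql("O'Brien")          # quote is doubled, literal stays intact
  puts with_name_sql('100%')             # injection-safe, but % is a wildcard here
  puts with_name_contains_sql('100%')    # wildcard escaped, only the outer % match
end
```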