I just don't have the time right now to try this. I just wanted to see if 
there was any documentation on the subject, because I couldn't find anything 
that would tell me otherwise. But thanks for your help guys :)

On Friday, 12 April 2013 15:49:42 UTC+2, Julian wrote:
>
> AFAIK, using the array syntax, or the syntax you used in the where, IS NOT 
> vulnerable to injection attacks. This matches up with my experience.
>
> You can try this out yourself to verify.
>
> Julian
>  
> On 12/04/2013, at 9:22 PM, and...@benjamin.dk wrote:
>
> Hi guys,
>
> I just came across an example in the code of the place I work for that said 
> something like this could be vulnerable to SQL injection attacks:
>
> scope :with_name, lambda { |name| where("LOWER(name) LIKE ?", 
> name.downcase) }
>
> I wonder if this is true. My thought is that Rails should escape this and 
> that anything that tried to do something different would fail on the 
> translation to SQL, but does anybody know exactly what happens behind the 
> curtains?
>
> all the best,
>
> Andre
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Ruby on Rails: Talk" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to rubyonrails-ta...@googlegroups.com.
> To post to this group, send email to rubyonra...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msg/rubyonrails-talk/-/sUZMdFuzGT0J.
> For more options, visit https://groups.google.com/groups/opt_out.

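Added example, not code from this thread or from Rails itself: a minimal, database-free model of what the `?` placeholder in `where("LOWER(name) LIKE ?", name.downcase)` does, so the escaping can be inspected. It assumes the simplified quoting rule (wrap in single quotes, double embedded single quotes) and a `sanitize_like` helper modelled on `ActiveRecord::Base.sanitize_sql_like`; real adapters may escape more characters.

```ruby
# Quote a Ruby value as a SQL literal (simplified model of what the
# ActiveRecord connection does; assumption, not the library's own code).
# A stray ' inside a string becomes '' and so stays inside the literal.
def quote_value(value)
  case value
  when nil     then "NULL"
  when Integer then value.to_s
  when String  then "'#{value.gsub("'", "''")}'"
  else raise ArgumentError, "unsupported bind type: #{value.class}"
  end
end

# Replace each ? with the next quoted value, left to right; mismatched
# counts are an error, as they are in ActiveRecord.
def bind_placeholders(sql, *values)
  values = values.dup
  out = sql.gsub("?") do
    raise ArgumentError, "too few bind values" if values.empty?
    quote_value(values.shift)
  end
  raise ArgumentError, "too many bind values" unless values.empty?
  out
end

# The caveat the placeholder does not cover: % and _ are LIKE wildcards,
# so "100%" still matches every name starting with 100. Escape them when
# the input is meant literally (modelled on sanitize_sql_like).
def sanitize_like(str, escape = "\\")
  str.gsub(Regexp.union(escape, "%", "_")) { |m| escape + m }
end

# The scope from the question, as the SQL fragment it produces.
def with_name_sql(name)
  bind_placeholders("LOWER(name) LIKE ?", name.downcase)
end

# The same scope with wildcards neutralised as well.
def with_name_literal_sql(name)
  bind_placeholders("LOWER(name) LIKE ? ESCAPE '\\'", sanitize_like(name.downcase))
end

if __FILE__ == $0
  puts with_name_sql("O'Brien")       # LOWER(name) LIKE 'o''brien'
  puts with_name_sql("100%")          # LOWER(name) LIKE '100%'
  puts with_name_literal_sql("100%")  # LOWER(name) LIKE '100\%' ESCAPE '\'
end
```

The first line shows why the quote in a name like O'Brien cannot terminate the literal; the second and third show the wildcard behaviour that a placeholder alone leaves in place.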