Jason Fb wrote in post #1150058:
> However, as you are considering writing raw SQL, keep in mind the danger
> of SQL injection. Beyond the reason stated to keep your SQL
> database-independent (which is strange advice IMO since it is very rare
> to move between data stores on a large project,

Not so rare. For example, I do the development with SQLite, but the 
production is on Heroku and uses Postgres, and customers might want to 
use MySQL.

> and even if you do it is
> pretty easy to re-write SQL), the most important thing here is that you
> don't a security vulnerability for SQL injection.

Oh, you are absolutely right. I see the danger.

These are the times where I'm missing Perl's concept of "tainted" 
strings...

Ronald

-- 
Posted via http://www.ruby-forum.com/.
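The "tainted string" idea Ronald misses, as an added example that is not part of the thread: a tiny Ruby sketch (not Rails or ActiveRecord code) in which untrusted input is wrapped so it can only reach raw SQL through a `?` placeholder binder that quotes it, while accidental string interpolation of it raises. The quoting rule (single quotes doubled) is an assumption that mirrors the common placeholder behaviour; it is not a substitute for a real driver's binding.

```ruby
# Added example, not from the thread: a minimal taint discipline for raw SQL,
# in the spirit of Perl's taint mode. Wrap anything that came from the user.
class Tainted
  attr_reader :value

  def initialize(value)
    @value = value.to_s
  end

  # "#{tainted}" calls #to_s, so make that fail loudly: a Tainted value can
  # never be interpolated into a query string by accident.
  def to_s
    raise SecurityError, "tainted value used in a string without quoting"
  end
end

# Quote one value as a SQL literal (assumption: SQL-92 style, embedded single
# quotes doubled; integers and floats pass through unquoted; nil becomes NULL).
def quote_sql(value)
  raw = value.is_a?(Tainted) ? value.value : value
  case raw
  when Integer, Float then raw.to_s
  when nil then "NULL"
  else "'#{raw.to_s.gsub("'", "''")}'"
  end
end

# Bind parameters into a template with '?' placeholders, the shape of
# Model.where("name = ?", input). Each '?' consumes exactly one argument.
def bind_sql(template, *params)
  expected = template.count("?")
  unless expected == params.length
    raise ArgumentError, "expected #{expected} params, got #{params.length}"
  end
  queue = params.dup
  template.gsub("?") { quote_sql(queue.shift) }
end

# The pattern the thread warns against: SQL built by interpolation. With a
# plain String it "works" and is injectable; with a Tainted value it raises
# before any query text exists.
def unsafe_sql(name)
  "SELECT * FROM users WHERE name = '#{name}'"
end
```

With input such as `O'Brien` the binder produces `name = 'O''Brien'`, whereas `unsafe_sql` would produce a broken or attacker-controlled WHERE clause.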
