find_by_sql without a table ...

Eric_Anderson2 (Eric Anderson) December 10, 2007, 11:41pm 1

Raimon Fs wrote:

In this controller, I send this string inside a find_by_sql(params[:expert_command])

I assume you are processing this SQL to avoid SQL Injection attacks right?

Eric

Topic		Replies	Views
Find_by using params.expect - vulnerable to SQL injection? rubyonrails-talk security	6	106	August 1, 2025
find_by_sql sanity check rubyonrails-talk	1	106	January 20, 2007
find_by_sql rubyonrails-talk	8	145	September 8, 2010
Is find(params[:id]) safe? rubyonrails-talk	4	198	July 27, 2008
find instead of find_by_sql rubyonrails-talk	5	160	September 17, 2010