Is this escaped, or is it vulnerable to SQL injection? Is there a
syntax that allows something like
WHERE ps.post_id = ?
If so, what is it? My attempts so far don't work.
Don't know, but at a minimum you could change it to #{id.to_i} to force it to return an integer value...
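An added example, not part of the question or the answer above, that puts the three options side by side in plain Ruby: the interpolated fragment as asked about, the `.to_i` coercion the answer suggests, and a `?` placeholder bound by a small quoting helper. The `bind_sql` and `quote_literal` helpers are constructed stand-ins written for this example (they imitate what Rails' `sanitize_sql_array` does for `where("ps.post_id = ?", id)`, but they are not the ActiveRecord code), and the attacker input is made up for the demonstration.

```ruby
# Added example (not from the original post): three ways of putting a
# caller-supplied id into a SQL fragment, and what each one produces.

# Constructed attacker-controlled input: a tautology that would widen the WHERE clause.
MALICIOUS_ID = "1 OR 1=1"

# 1. Raw interpolation: whatever the caller passes is spliced into the SQL text as-is.
def unsafe_fragment(id)
  "WHERE ps.post_id = #{id}"
end

# 2. Integer coercion as suggested in the answer: String#to_i keeps only the
#    leading digits, so "1 OR 1=1" becomes 1 and the rest of the payload is dropped.
#    Caveat: non-numeric garbage ("abc", nil) silently becomes 0 rather than an error.
def coerced_fragment(id)
  "WHERE ps.post_id = #{id.to_i}"
end

# 3. Positional '?' placeholders filled in by a quoting helper (constructed for this
#    example; a real driver or ActiveRecord's sanitize_sql_array does this for you).
def quote_literal(value)
  case value
  when Integer then value.to_s
  when nil     then "NULL"
  else "'" + value.to_s.gsub("'", "''") + "'"   # double embedded quotes per SQL rules
  end
end

def bind_sql(template, *values)
  expected = template.count("?")
  unless expected == values.size
    raise ArgumentError, "expected #{expected} bind values, got #{values.size}"
  end
  i = -1
  template.gsub("?") { quote_literal(values[i += 1]) }  # literal "?" match, left to right
end

def bound_fragment(id)
  bind_sql("WHERE ps.post_id = ?", id)
end

if __FILE__ == $PROGRAM_NAME
  puts unsafe_fragment(MALICIOUS_ID)   # WHERE ps.post_id = 1 OR 1=1   (injected)
  puts coerced_fragment(MALICIOUS_ID)  # WHERE ps.post_id = 1          (payload truncated)
  puts bound_fragment(MALICIOUS_ID)    # WHERE ps.post_id = '1 OR 1=1' (a string literal, not SQL)
  puts bound_fragment(42)              # WHERE ps.post_id = 42
end
```

The coercion fixes this one case because `post_id` is numeric; it does nothing for string columns, and it turns bad input into id 0 instead of rejecting it. The placeholder form is the general answer: the value never becomes SQL text, so it works for strings too and fails loudly when the count of `?` and bind values disagree.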