validating the whole app against dangerous characters

Hi Harp,

Not an expert so take this with a very large pinch of salt.

If your underlying requirement is to stop SQL Injection type attacks
then Ruby by default protects you in many cases.

Code such as User.Find(:parms[id]) would be safe as find would escape
the string making it safe.

If you construct SQL code on the fly such as

"Select * from user where name = #{@user.name}"

then its not safe and you should use the bind variable facility which
is something like

"Select * from user where name = :user_name', {:user_name =>
params[:name] }

Otherwise look into filters. It would be possible to use these I think
but I am not sure if one can do a before_find filter.

As I say large dose of salt as I am pretty new to this.

Also it would be an idea to get a copy of Agile Web Development with
Rails the second edition which is available in PDF form only as it is
still in prerelease form it covers these topics. The second edition of
this book is much better than the first (not that that was bad).

Regards

Sean