This page contains automated test results for code from O'Reilly's Ruby Cookbook. If this code looks interesting or useful, you might want to buy the whole book.

Preventing SQL Injection Attacks
Code | Expected | Actual

require 'cookbook_dbconnect'
activerecord_connect
class Name < ActiveRecord::Base
  def self.by_last(name)
    find_all ["last = ?", name]
  end
end
Name.by_last("Richardson").size | 1 | 1
Name.by_last(%{" or 1=1}).size | 0 | 0
class Name
  def self.by_last(name)
    find_all ["last = :last", {:last => name}]
  end
end
Name.by_last("Richardson").size | 1 | 1