This page contains automated test results for code from O'Reilly's Ruby Cookbook. If this code looks interesting or useful, you might want to buy the whole book.
**Preventing SQL Injection Attacks**

| Code | Expected | Actual |
|---|---|---|
| `require 'cookbook_dbconnect'`<br>`activerecord_connect`<br>`class Name < ActiveRecord::Base`<br>`  def self.by_last(name)`<br>`    find_all ["last = ?", name]`<br>`  end`<br>`end`<br>`Name.by_last("Richardson").size` | 1 | 1 |
| `Name.by_last(%{" or 1=1}).size` | 0 | 0 |
| `class Name`<br>`  def self.by_last(name)`<br>`    find_all ["last = :last", {:last => name}]`<br>`  end`<br>`end`<br>`Name.by_last("Richardson").size` | 1 | 1 |