This page contains automated test results for code from O'Reilly's Ruby Cookbook. If this code looks interesting or useful, you might want to buy the whole book.
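Preventing SQL Injection Attacks

```ruby
require 'cookbook_dbconnect'
activerecord_connect

class Name < ActiveRecord::Base
  # Positional placeholder: ActiveRecord quotes the value bound to "?".
  def self.by_last(name)
    find_all ["last = ?", name]
  end
end

Name.by_last("Richardson").size
```

Expected | Actual |
---|---|
1 | 1 |

```ruby
# Injection attempt: the whole string is bound as a literal value for "last".
Name.by_last(%{" or 1=1}).size
```

Expected | Actual |
---|---|
0 | 0 |

```ruby
class Name
  # Same query with a named placeholder bound from a hash.
  def self.by_last(name)
    find_all ["last = :last", {:last => name}]
  end
end

Name.by_last("Richardson").size
```

Expected | Actual |
---|---|
1 | 1 |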