Printable View
I am using
Code:find(:first, :conditions => ['username = :username AND password = :password', {:username => username, :password => Digest::SHA1.hexdigest(password)}])
for a query,
however I am unsure if it sanitizes the binding properties... can anyone tell me? Thanks
Yup; you're safe.
Here's the link to the relevant Rails guide on it: http://guides.rubyonrails.org/security.html#_injection
Fun part about it is dynamic finders are covered, too, like find_by_first_name_and_fifth_name.
Alright thanks man, this framework is really impressing me!