  1. #1 Darren884

    Best way to produce safe SQL statements?

    I am using

    Code:
    find(:first, :conditions => ['username = :username AND password = :password', {:username => username, :password => Digest::SHA1.hexdigest(password)}])

    for a query; however, I am unsure whether it sanitizes the binding properties... can anyone tell me? Thanks
    Have a good day.

  2. #2 lo0ol
    Yup; you're safe.

    Here's the link to the relevant Rails guide on it: http://guides.rubyonrails.org/security.html#_injection

    Fun part about it is dynamic finders are covered, too, like find_by_first_name_and_fifth_name.
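
    The following is an added example, not code from this thread or from Rails itself: a simplified Ruby re-implementation of what named-bind substitution does to the values in a conditions array like the one in post #1, so you can see why the quoting step is what keeps the query safe. The helper names, the sample username "O'Brien" and the sample password are assumptions made for the example.

```ruby
require 'digest'

# Simplified re-implementation (NOT ActiveRecord's own code) of how a
# conditions array with named binds is expanded into SQL: every value is
# quoted before substitution, so quote characters inside user input are
# escaped and stay part of the string literal instead of the SQL syntax.
def quote_sql_value(value)
  case value
  when nil     then 'NULL'
  when Numeric then value.to_s
  when Array   then value.map { |v| quote_sql_value(v) }.join(', ')
  else
    # Double any embedded single quote, as ANSI SQL requires, then wrap it.
    "'" + value.to_s.gsub("'", "''") + "'"
  end
end

# Replaces each :name placeholder in the statement with its quoted value.
# A placeholder with no matching key raises, so a typo in the bind hash
# fails closed instead of leaking an unquoted placeholder into the SQL.
def expand_named_binds(statement, binds)
  statement.gsub(/:(\w+)/) do
    key = Regexp.last_match(1).to_sym
    raise ArgumentError, "missing value for :#{key}" unless binds.key?(key)
    quote_sql_value(binds[key])
  end
end

# The thread's query shape: a username plus the hashed password. The values
# passed in below are constructed sample data, not from any real system.
def login_where_clause(username, password)
  expand_named_binds(
    'username = :username AND password = :password',
    { username: username, password: Digest::SHA1.hexdigest(password) }
  )
end

if __FILE__ == $PROGRAM_NAME
  # A name containing an apostrophe is emitted as 'O''Brien', i.e. it
  # remains a plain string value rather than terminating the literal.
  puts login_where_clause("O'Brien", 'hunter2')
end
```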

  3. #3 Darren884
    Alright thanks man, this framework is really impressing me!
    Have a good day.