2013 Apr 12
rails named scopes and sql injection
Hi guys,
I just came across an example in code at the place I work for that said
something like this could be vulnerable to SQL injection attacks:

scope :with_name, lambda { |name| where("LOWER(name) LIKE ?", name.downcase) }

I wonder if this is true. My thought is that Rails should escape this and
that anything that tried to do something different would fail on the
translation