2006 Dec 04
10
Avoiding SQL Injection in :order?
This thread references:
http://www.ruby-forum.com/topic/90258#new
http://www.ruby-forum.com/topic/82349#143790
ActiveRecord's find() method has built-in ways to avoid SQL injection by
using the format
> :conditions => [ "user_name = ?", user_name]
Is there any such system for escaping injection in :order? It seems to
only take a string and feed it to the SQL