[Rails] How to use a parameter with a string?
softwareengineer 99
softwareengineer99 at yahoo.com
Thu Jan 26 02:50:39 GMT 2006
No, I am not using a direct value from the forms.
However, I would appreciate it if you could tell me how one would add slashes to the string, or replace the quotes in the input value. I know it can be done in PHP using addslashes and str_replace. What are the appropriate functions in Ruby on Rails?
I am sure many of us starting out on ROR would benefit from your answer.
Thanks for your assistance.
Frank
Justin Bailey <jgbailey at gmail.com> wrote:
Now, the fact you are putting this value directly into a SQL statement
might be troubling - if it's from some sort of form submission or URL
you are opening yourself to SQL injection attacks there.
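An added example, not part of the original thread: instead of an addslashes-style replace, Rails accepts the value separately through a `?` placeholder and quotes it itself, which is the usual answer to the injection concern raised in the quoted reply. `quote_value`, `bind_conditions` and `interpolated` are hypothetical pure-Ruby stand-ins that mimic that behaviour so the snippet runs without Rails; the `users` table and the sample inputs are constructed.

```ruby
# In Rails itself, pass an array and let ActiveRecord do the quoting:
#   User.find(:all, :conditions => ["name = ?", name])   # Rails 1.x style
#   User.where("name = ?", name)                         # later versions
# The helpers below are hypothetical and only illustrate what that does.

# Quote one Ruby value as a SQL literal. Standard SQL doubles the quote;
# real adapters differ (MySQL also treats backslash as an escape), which
# is why the database adapter should do this, not application code.
def quote_value(value)
  case value
  when nil     then "NULL"
  when Integer then value.to_s
  else "'" + value.to_s.gsub("'", "''") + "'"
  end
end

# Substitute each "?" in the template with a quoted value, in order.
def bind_conditions(template, *values)
  expected = template.count("?")
  unless expected == values.size
    raise ArgumentError, "expected #{expected} bind values, got #{values.size}"
  end
  remaining = values.dup
  # Block form of gsub inserts the result literally (no backreferences).
  template.gsub("?") { quote_value(remaining.shift) }
end

# The risky pattern: the value becomes part of the SQL text itself.
def interpolated(name)
  "SELECT * FROM users WHERE name = '#{name}'"
end

if __FILE__ == $0
  samples = ["O'Reilly", "x' OR 'a'='a"]   # constructed inputs
  samples.each do |name|
    puts "interpolated: " + interpolated(name)
    puts "bound:        " +
         bind_conditions("SELECT * FROM users WHERE name = ?", name)
  end
end
```

With the bound form the second sample stays a single string literal; with interpolation its quotes change the structure of the WHERE clause.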