Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Does ModelName.new protect against sql injection?
Example:
@user = User.new(params[:user])
@user.save
I’ve read the rails security docs and didn’t see anything about inserts via Model.new.
Thanks!
Model.newhas nothing to do with SQL injection as it is not the method that writes to the database .It is the
Model.savethat actually writes to the database and takes care of SQL injection .