Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Does Rails automatically protect against vulnerabilities of doing something like:
Given a URL: http://a.com/?id=3131313131313
then in the rails controller
@comment = Comment.find(params[:id])
Does Rails auto protect that, or do I need to do some type of validation to protect the app from hackers?
Thanks
ActiveRecord find will always use
.to_ito prevent all SQL injection magic.Rails will also auto-escape stuff in queries like this:
But not in