#25 SQL Injection

Apr 30, 2007 | 5 minutes | Active Record, Security, Forms

One of the most common security problems for dynamic sites is SQL Injection. Thankfully Rails does everything it can in solving this issue, but you still need to be aware of it.

Click to Play Video ▶

Download:
mp4Full Size H.264 Video (10.2 MB)
m4vSmaller H.264 Video (6.24 MB)
webmFull Size VP8 Video (14.7 MB)
ogvFull Size Theora Video (13 MB)

Show Notes
ASCIIcast
10 Comments
Similar Episodes
Next Episode >
< Previous Episode

          tasks_controller.rb
        
def index
  @tasks = Task.find(:all, :conditions => ["name LIKE ?", "%#{params[:query]}%"])
end