RailsCasts Pro episodes are now free!

Learn more or hide this

SQL Injection

#25 SQL Injection

Apr 30, 2007 | 5 minutes | Active Record, Security, Forms
One of the most common security problems for dynamic sites is SQL Injection. Thankfully Rails does everything it can in solving this issue, but you still need to be aware of it.
Click to Play Video ▶
  • Download:
  • mp4Full Size H.264 Video (10.2 MB)
  • m4vSmaller H.264 Video (6.24 MB)
  • webmFull Size VP8 Video (14.7 MB)
  • ogvFull Size Theora Video (13 MB)
Autocomplete Search Terms
Episode #399Dec 31, 201290 comments

Autocomplete Search Terms

Learn how to add autocompletion to a search form and improve performance using Rack middleware, caching and switching from SQL to Redis. (17 minutes)
Watch Episode Read Episode
MiniProfiler
Episode #368Jul 24, 2012107 comments

MiniProfiler

MiniProfiler allows you to see the speed of a request conveniently on the page. It also shows the SQL queries performed and allows you to profile a specific block of code. (9 minutes)
Watch Episode Read Episode
Celluloid
Episode #367Jul 18, 201265 comments

Celluloid

Celluloid puts an object-oriented spin on multi-threaded development. Here I cover the fundamental features of Celluloid in several examples. (11 minutes)
Watch Episode Read Episode
Hacking with Arel
Episode #355May 30, 201270 comments

Hacking with Arel

Here I show a variety of ways to rewrite a long SQL query using only Active Record and Arel. This includes generating scopes dynamically, adding an "or" operator, and adding a powerful "match" method. (15 minutes)
Watch Episode Read Episode
Squeel
Episode #354May 30, 201269 comments

Squeel

Squeel provides a comprehensive DSL for writing SQL queries in Ruby. It is built upon Arel giving you access to many of its powerful features. (9 minutes)
Watch Episode Read Episode