Frederick Cheung wrote:
> If you read the docs, you would know that this sanitizes parameters
> precisely to guard against such injection :-)
Sorry, guys; my bad. I should have explained that I'm probably least worried about ActiveRecord.find stuff (even though I threw that example up) and more worried about params in general (i.e. ones not passed to ActiveRecord.find), and also worried about ActiveRecord::Base.connection.select_all, count_by_sql, etc. I do have methods that accept params for non-ActiveRecord use in a couple of places.

I have used many of ActiveRecord's validation callbacks (e.g. validates_presence_of), but I'll dig deeper into those. However, I'm looking for generic, non-ActiveRecord params validation stuff. If you know of any, please let me know.

Thanks again, everyone.

--
Posted via http://www.ruby-forum.com/.
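An added example (not from the thread or from Rails) of the kind of generic, non-ActiveRecord params validation being asked about: a small stdlib-only whitelist validator that rejects unknown keys, wrong types and out-of-policy values before a raw query for select_all or count_by_sql is ever built. `ParamsValidator`, `ITEM_RULES` and `select_sql_for` are hypothetical names.

```ruby
# Hypothetical generic validator (stdlib only, not part of Rails) for request
# params that bypass ActiveRecord.find, e.g. values later handed to
# select_all / count_by_sql. Bad input is rejected before any SQL is built.
module ParamsValidator
  class Invalid < StandardError; end

  # rules: { key => { type: :integer|:string, required:, range:, in:, format:, max_length: } }
  # Returns a new hash holding only the whitelisted keys, coerced to their declared type.
  def self.validate(params, rules)
    clean, errors = {}, []
    extra = params.keys.map(&:to_s) - rules.keys.map(&:to_s)
    errors << "unexpected: #{extra.join(', ')}" unless extra.empty?
    rules.each do |key, rule|
      raw = params.fetch(key.to_s) { params[key.to_sym] }
      if raw.nil?
        errors << "#{key} is required" if rule[:required]
        next
      end
      value = coerce(raw, rule[:type])
      if value.nil?
        errors << "#{key} must be #{rule[:type]}"
        next
      end
      errors << "#{key} out of range" if rule[:range] && !rule[:range].cover?(value)
      errors << "#{key} not allowed"  if rule[:in] && !rule[:in].include?(value)
      errors << "#{key} too long"     if rule[:max_length] && value.to_s.length > rule[:max_length]
      errors << "#{key} bad format"   if rule[:format] && !rule[:format].match?(value.to_s)
      clean[key.to_sym] = value
    end
    raise Invalid, errors.join('; ') unless errors.empty?
    clean
  end

  # Strict coercion: "1 OR 1=1" does not match the integer pattern, so it is rejected.
  def self.coerce(raw, type)
    s = raw.to_s
    case type
    when :integer then s.match?(/\A-?\d+\z/) ? s.to_i : nil
    when :string  then s
    end
  end
end

# Constructed rule set for a select_all-style query: the id must be a bounded
# integer and the sort column must come from a fixed list, never free text.
ITEM_RULES = {
  owner_id: { type: :integer, required: true, range: 1..(2**31 - 1) },
  sort:     { type: :string,  in: %w[created_at name] },
}.freeze

def select_sql_for(params)
  p = ParamsValidator.validate(params, ITEM_RULES)
  "SELECT * FROM items WHERE owner_id = #{p[:owner_id]} ORDER BY #{p[:sort] || 'created_at'}"
end
```

Only the validated integer is interpolated and the column name comes from the whitelist; free-form string values should still go through bind placeholders (e.g. sanitize_sql_array) where the driver offers them.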

