Jeffrey L. Taylor wrote:
> Quoting CoolAJ86 <[email protected]>:
>> [:jobs, :photos])
> :conditions =>
>     "jobs.name LIKE 'Teacher%' AND group_id = #{current_contact.group}"
> 
> HTH,
>   Jeffrey

Passing a string to :conditions like this welcomes SQL injection attacks.
So can it be avoided and pass an array instead, like in the last post by
Fred? Am I right?


Sijo
-- 
Posted via http://www.ruby-forum.com/.
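
The array form asked about above, as an added example that is not part of the original thread and is not ActiveRecord's own code. `quote_value` and `bind_conditions` are hypothetical, simplified stand-ins for the placeholder binding Rails performs when `:conditions` is given an array, and the group value is a constructed input assumed to be user-influenced.

```ruby
# Added example: simplified model of "?" placeholder binding, not Rails source.

# Quote one value as a SQL literal (simplified: nil, integers and strings only).
def quote_value(value)
  case value
  when nil     then "NULL"
  when Integer then value.to_s
  else "'" + value.to_s.gsub("'", "''") + "'"
  end
end

# Expand an array-form condition: ["sql with ? marks", value1, value2, ...]
def bind_conditions(conditions)
  template, *values = conditions
  expected = template.count("?")
  unless expected == values.size
    raise ArgumentError, "wrong number of bind values (#{values.size} for #{expected})"
  end
  remaining = values.dup
  # gsub scans only the template, so a "?" inside a bound value is never re-expanded.
  template.gsub("?") { quote_value(remaining.shift) }
end

# String form from the quoted message: the value becomes part of the SQL text.
def interpolated_conditions(group)
  "jobs.name LIKE 'Teacher%' AND group_id = #{group}"
end

# Array form: SQL text and values stay separate until binding.
# In Rails this array is what would be passed as :conditions => [...].
def array_conditions(group)
  ["jobs.name LIKE ? AND group_id = ?", "Teacher%", group]
end

HOSTILE_GROUP = "0 OR 1=1" # constructed sample value

if __FILE__ == $0
  puts interpolated_conditions(HOSTILE_GROUP)             # value rewrites the WHERE clause
  puts bind_conditions(array_conditions(HOSTILE_GROUP))   # value stays one quoted literal
  puts bind_conditions(array_conditions(7))               # ordinary integer id
end
```

With the string form the constructed value changes the logic of the WHERE clause; with the array form it is compared against `group_id` as a single literal.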
