Hi All, What is the best way for the sql injectioning.
I have problem with field named "name" that if we enter improper value like salil's system get crashed. it gives error Mysql::Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's' and parent_id= 21) LIMIT 1 at line 1: SELECT * FROM `categories` WHERE (name='salil's' and parent_id= 21) LIMIT 1 how to avoid that i wwant either of this two 1] user cannot create category with special characters like ' , < > 2] if user enter name with special characteres system shouldn't get crashed for any situation. Thanks & Regards, Salil Gaikwad -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
