2009/9/7 Salil Gaikwad <[email protected]>: > > Hi All, > > What is the best way for the sql injectioning. > > I have problem with field named "name" that if we enter improper value > like salil's system get crashed. it gives error Mysql::Error: You have > an error in your SQL syntax; check the manual that corresponds to your > MySQL server version for the right syntax to use near 's' and > parent_id= 21) LIMIT 1 at line 1: SELECT * FROM `categories` WHERE > (name='salil's' and parent_id= 21) LIMIT 1
What does the code that generated this sql look like? Colin > > how to avoid that i wwant either of this two > 1] user cannot create category with special characters like ' , < > > 2] if user enter name with special characteres system shouldn't get > crashed for any situation. > > Thanks & Regards, > > Salil Gaikwad > -- > Posted via http://www.ruby-forum.com/. > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
