Hi,

Yes, that is safe. I was confused by this myself a couple of days ago.

Cheers,
Johan

On Fri, Nov 27, 2009 at 6:14 PM, Sergio Sergio <[email protected]> wrote:

> Hello everybody,
>
> I would like to ask you if it is safe to use the LIKE clause as follows:
>
> Article.find(:all, :conditions => ["title LIKE ?", '%' + params[:title] + '%'])
>
> Is it safe from SQL injection, or do I need to escape all characters?
>
> Thanks in advance
>
> --
> You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to [email protected].
> For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
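An added illustration of why the answer above is "safe", and of the one thing the `?` placeholder does not do for you. This is not code from the thread or from Rails; `sql_quote`, `bind_conditions` and `escape_like` are stand-ins written here to model what ActiveRecord's bind substitution does (turn the value into a quoted SQL string literal) and what it leaves alone (the LIKE metacharacters `%` and `_` inside the user's value). Wildcards passing through is not SQL injection, but it lets a request widen the match to every row or trigger an expensive scan; later Rails versions (4.2 and up) ship `ActiveRecord::Base.sanitize_sql_like` for exactly this escaping step. The sample titles are constructed.

```ruby
# Added example modelling ActiveRecord's "?" binding; not Rails' own code.

# Quote a Ruby string as an SQL string literal by doubling embedded single
# quotes. This is the step the "?" bind placeholder performs on each value,
# so a quote in params[:title] can never close the literal.
def sql_quote(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

# Substitute each "?" in the template with its quoted value, as the
# :conditions => ["...?...", value] array form does.
def bind_conditions(template, *values)
  parts = template.split("?", -1)
  raise ArgumentError, "placeholder count mismatch" unless parts.size - 1 == values.size
  parts.each_with_index.map { |part, i| i < values.size ? part + sql_quote(values[i]) : part }.join
end

# Escape the LIKE metacharacters (and the escape character itself) so the
# user's text matches literally. Backslash is used as the escape character,
# so the query must declare it with ESCAPE '\' on engines that need it.
def escape_like(value, escape_char = "\\")
  value.to_s.gsub(/[\\%_]/) { |m| escape_char + m }
end

# Constructed sample inputs standing in for params[:title].
HOSTILE_TITLE  = "x' OR '1'='1"
WILDCARD_TITLE = "100%_off"

# The quote in the hostile title is doubled and stays inside the literal,
# so the OR never reaches the parser as SQL.
def injection_attempt_as_literal
  bind_conditions("title LIKE ?", "%" + HOSTILE_TITLE + "%")
end
# => "title LIKE '%x'' OR ''1''=''1%'"

# Binding alone leaves the user's % and _ as live wildcards.
def wildcards_pass_through
  bind_conditions("title LIKE ?", "%" + WILDCARD_TITLE + "%")
end
# => "title LIKE '%100%_off%'"

# Escaping the value first makes the user's % and _ match literally,
# while the surrounding % we add ourselves remain wildcards.
def wildcards_escaped
  bind_conditions("title LIKE ? ESCAPE '\\'", "%" + escape_like(WILDCARD_TITLE) + "%")
end
# => "title LIKE '%100\\%\\_off%' ESCAPE '\\'"

if __FILE__ == $0
  puts injection_attempt_as_literal
  puts wildcards_pass_through
  puts wildcards_escaped
end
```

The split between the two concerns is the point: binding answers the injection question, and escaping the LIKE pattern is a separate, deliberate step you apply before concatenating your own `%` wildcards around the value.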

