ok, thank you

2009/11/27 Johan De Klerk <[email protected]>

> Hi,
>
> Yes that is safe. Was confused by this myself a couple of days ago.
>
> Cheers,
> Johan
>
> On Fri, Nov 27, 2009 at 6:14 PM, Sergio Sergio <[email protected]> wrote:
>
>> Hello everybody, I would like to ask you if it is safe to use the LIKE
>> clause as follows:
>>
>> Article.find(:all, :conditions => ["title LIKE ?", '%' + params[:title] + '%'])
>>
>> Is it safe for SQL injection? Or do I need to escape all characters?
>>
>> Thanks in advance

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
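
Added example (not part of the thread, and not Rails code): the `?` placeholder in the query above keeps the value out of the SQL text, but `%` and `_` inside the value are still read by LIKE as wildcards. This pure-Ruby example uses constructed titles, a hypothetical `escape_like` helper and a small simulation of LIKE matching, with `\` assumed as the ESCAPE character.

```ruby
# Constructed sample rows standing in for the articles table.
TITLES = ["100% Ruby", "Rails_guide", "Rails guide", "Security notes"].freeze

# Hypothetical helper: escape the LIKE metacharacters (% and _) and the
# escape character itself, so the user's text is matched literally.
# Assumes the database treats "\" as the LIKE escape character.
def escape_like(value, esc = "\\")
  value.gsub(/[\\%_]/) { |ch| esc + ch }
end

# Simulation of LIKE semantics: % matches any run of characters, _ matches
# exactly one character, and "\x" matches the literal character x.
def like_regexp(pattern)
  src = pattern.gsub(/\\(.)|%|_|./m) do |tok|
    if tok.length == 2
      Regexp.escape($1)      # escaped pair: take the character literally
    elsif tok == "%"
      ".*"
    elsif tok == "_"
      "."
    else
      Regexp.escape(tok)
    end
  end
  Regexp.new("\\A#{src}\\z", Regexp::MULTILINE)
end

# Builds the pattern the same way as the query in the thread:
# '%' + params[:title] + '%', with or without escaping the user input.
def search(titles, user_input, escape:)
  term = escape ? escape_like(user_input) : user_input
  pattern = "%" + term + "%"
  titles.select { |title| title.match?(like_regexp(pattern)) }
end

if __FILE__ == $PROGRAM_NAME
  p search(TITLES, "%", escape: false)       # wildcard input, unescaped
  p search(TITLES, "%", escape: true)        # same input, matched literally
  p search(TITLES, "Rails_", escape: false)
  p search(TITLES, "Rails_", escape: true)
end
```

In Rails 4.2 and later, `sanitize_sql_like` performs this escaping on the value before it is bound to the placeholder.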

