Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Preventing SQL Injection/Good Ruby method

What is a good method in Ruby to prevent SQL Injection?

like image 559
Zombies Avatar asked Feb 13 '10 19:02

Zombies


People also ask

Which methods can be used to avoid SQL injection?

Developers can prevent SQL Injection vulnerabilities in web applications by utilizing parameterized database queries with bound, typed parameters and careful use of parameterized stored procedures in the database. This can be accomplished in a variety of programming languages including Java, . NET, PHP, and more.

Does rails prevent SQL injection?

Summary. As you can see, Ruby on Rails, by default, won't save you from all SQL injection attack attempts. Some of the methods of its built-in library, Active Records, prevent these types of attacks automatically, but others don't. However, it's not that difficult to make your application secure.


1 Answers

in straight up ruby? use prepared statements:

require 'mysql'
db = Mysql.new('localhost', 'user', 'password', 'database')
statement = db.prepare "SELECT * FROM table WHERE field = ?"
statement.execute 'value'
statement.fetch
statement.close
like image 69
Mike Sherov Avatar answered Oct 02 '22 04:10

Mike Sherov