RubyFlow The Ruby and Rails community linklog

Avoiding SQL Injection in Rails

I promise this is not related to or prompted by the Rails CVEs today - just coincidental timing.

I’ve put a small blog post together about rails-sqli.org, a list of dangerous methods in ActiveRecord. The list includes example queries and injection code.

In addition, you can play with injecting code into the same examples by cloning the code repo and running it locally.
