by acconrad 3884 days ago
Perhaps GitHub isn't on Rails 4.2, but they've already created a method for sanitizing SQL LIKE statements in ActiveRecord::Sanitization[1], so they shouldn't need a custom function to remove SQL injection. Also, you could always just use ActiveRecord::Base.connection.quote which will safely quote the string you want to input.

[1] http://apidock.com/rails/ActiveRecord/Sanitization/ClassMeth...


ActiveRecord::Base.connection.quote doesn't escape % or any other LIKE-special character.
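An added illustration of the two approaches discussed in both comments above (sanitize_sql_like versus connection.quote); this is not code from the thread or from Rails. The two stand-in functions are simplified imitations of what those Rails methods do to a string, so the example runs without ActiveRecord.

```ruby
# quote_literal stands in for connection.quote on a string: wrap in single
# quotes and double any embedded quote. escape_like stands in for
# ActiveRecord's sanitize_sql_like: backslash-escape \, % and _.
# Both are simplified imitations written for this example, not Rails code.

# Quoting keeps the input inside the SQL string literal, but % and _
# keep their LIKE meaning inside that literal.
def quote_literal(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

# Escape the LIKE wildcards so the input is matched literally. The escape
# character is part of the pattern, so the query states it with ESCAPE.
def escape_like(value, escape_character = "\\")
  value.to_s.gsub(/[\\%_]/) { |ch| escape_character + ch }
end

# WHERE fragment built with quoting only: wildcards in the input survive.
def like_fragment_quoted_only(user_input)
  "name LIKE #{quote_literal('%' + user_input + '%')}"
end

# WHERE fragment built with wildcard escaping plus quoting.
def like_fragment_escaped(user_input)
  "name LIKE #{quote_literal('%' + escape_like(user_input) + '%')} ESCAPE '\\'"
end

# Constructed search term containing both wildcards and a quote character.
SAMPLE_INPUT = "100%_o'neil"

if __FILE__ == $PROGRAM_NAME
  puts like_fragment_quoted_only(SAMPLE_INPUT)
  # name LIKE '%100%_o''neil%'   (quote escaped, % and _ still wildcards)
  puts like_fragment_escaped(SAMPLE_INPUT)
  # name LIKE '%100\%\_o''neil%' ESCAPE '\'   (input matched literally)
end
```

With quoting alone the input cannot break out of the literal, but a user-supplied `%` or `_` still widens the match; escaping the wildcards is the separate step that sanitize_sql_like provides.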