Hacker News
by billroberts 6471 days ago
It would be crazy to assign unfiltered params to your model objects/DB and I would be astonished if anyone did it - except I suppose inexperienced programmers following simplified example code. But if you code web apps without knowing roughly what you're doing, you're going to fall into security traps whatever framework you use.