by snyff
5124 days ago
So far, I don't think DataMapper is vulnerable. The mapping is not done in the same way (DataMapper uses hard-coded properties). As an example, the following:

    User.all(':email '=> {':id' => '1"'})

will throw

    ArgumentError: condition ":email " does not map to a property or relationship in User

because of the space, before any SQL request is performed,

and

    User.all(':email '=> {':id' => '1"'})

will create the following query:

    Query SELECT `id`, `email`, `password` FROM `users` WHERE `email` IN ('[":id", "1\""]') ORDER BY `id`
    120602 8:41:03 3 Quit
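The two behaviours described in the comment above, as an added Ruby sketch that is not part of the original comment and is not DataMapper's own code: condition keys are checked against a hard-coded property list before any SQL is built, and a nested hash value ends up as one bound string rather than SQL structure. `SketchModel`, `build_query` and the leading-colon key normalisation are hypothetical names and assumptions, and the accepted case assumes the key `':email'` without the trailing space.

```ruby
# Added illustration; a hypothetical mini query builder, not DataMapper source.
class SketchModel
  # Hard-coded properties, matching the columns in the comment's query.
  PROPERTIES = %w[id email password].freeze

  # Returns [sql, bind_values]; raises ArgumentError before any SQL exists
  # when a condition key is not a declared property.
  def self.build_query(conditions)
    clauses = []
    binds = []
    conditions.each do |key, value|
      name = key.to_s.sub(/\A:/, '') # assumption: accept :email, 'email', ':email'
      unless PROPERTIES.include?(name)
        raise ArgumentError,
              "condition #{key.to_s.inspect} does not map to a property in User"
      end
      if value.is_a?(Hash) || value.is_a?(Array)
        # A Hash becomes an array of [key, value] pairs; each pair is turned
        # into a plain string and bound as data, never spliced into the SQL.
        items = Array(value).map(&:to_s)
        clauses << "`#{name}` IN (#{(['?'] * items.size).join(', ')})"
        binds.concat(items)
      else
        clauses << "`#{name}` = ?"
        binds << value.to_s
      end
    end
    columns = PROPERTIES.map { |p| "`#{p}`" }.join(', ')
    sql = "SELECT #{columns} FROM `users`"
    sql += " WHERE #{clauses.join(' AND ')}" unless clauses.empty?
    [sql + ' ORDER BY `id`', binds]
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs mirroring the two calls in the comment.
  p SketchModel.build_query(':email' => { ':id' => '1"' })
  begin
    SketchModel.build_query(':email ' => { ':id' => '1"' })
  rescue ArgumentError => e
    puts "rejected before SQL: #{e.message}"
  end
end
```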