by benmmurphy 4870 days ago
nice find. there is sql injection in 2.3.x and it affects all adapters and not just postgresql.

i just tried quoted_id and it works against mysql on 3.2.x as well. quoted_id is defined in abstract/quoting.rb and any adapter that forwards quotes to the superclass will use it.

1 comment

You're right! Thanks for the hint, I updated the blog post accordingly.