I am developing a secure Rails app on a secure internal server, though I still want to protect it from any kind of SQL injections or XSS attacks. I know that if I have a search box I can use something like this in my MODEL to protect the app from SQL injections:
# Class-level search scope: the `?` placeholder binds the search term as a
# quoted value instead of interpolating it into the SQL string.
def self.search(search)
  Project.where("project_title LIKE ?", "%#{search.strip}%")
end
What about having a submit form with direct actions to a database, say a form on projects/new? Do I need to protect that input from SQL injections as well, and if so, how can I achieve this?
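An added example (not part of the original question) that reproduces in plain Ruby what happens to the search term and to the form attributes on the way into SQL; `quote_value`, `bind_sql`, `escape_like` and `insert_sql` are hand-rolled stand-ins for the quoting ActiveRecord applies through `where` with `?` and through attribute-hash inserts, not the real ActiveRecord API.

```ruby
# Stand-in for a database adapter's quoting (assumed, not ActiveRecord's code):
# a string becomes a single-quoted literal with embedded quotes doubled, so
# user input can never close the literal and be read as SQL syntax.
def quote_value(value)
  case value
  when Integer then value.to_s
  when nil     then "NULL"
  else "'" + value.to_s.gsub("'", "''") + "'"
  end
end

# Replace each `?` with a quoted argument, the way
# Project.where("project_title LIKE ?", pattern) does.
def bind_sql(template, *args)
  raise ArgumentError, "placeholder/argument mismatch" unless template.count("?") == args.size
  idx = -1
  template.gsub("?") { quote_value(args[idx += 1]) }
end

# Separate concern from injection: escape LIKE wildcards so a user typing
# "%" or "_" matches those characters literally (Rails ships sanitize_sql_like).
def escape_like(str)
  str.gsub(/[\\%_]/) { |m| "\\" + m }
end

# The search-box path from the question, with the term bound, not interpolated.
def search_sql(search)
  bind_sql("SELECT * FROM projects WHERE project_title LIKE ? ESCAPE '\\'",
           "%#{escape_like(search.strip)}%")
end

# The projects/new path: a hash of whitelisted attributes (what strong params
# hands to Project.new) turns into an INSERT whose values are all quoted.
# Column names come from the whitelist, never from the request.
def insert_sql(table, attrs)
  cols = attrs.keys.join(", ")
  placeholders = (["?"] * attrs.size).join(", ")
  bind_sql("INSERT INTO #{table} (#{cols}) VALUES (#{placeholders})", *attrs.values)
end

# For contrast, the pattern to avoid: interpolating the term into the string
# lets a quote in the input end the literal early.
def unsafe_search_sql(search)
  "SELECT * FROM projects WHERE project_title LIKE '%#{search}%'"
end
```

The same rule answers the form question: anything passed as a bind argument or as an attribute value is quoted by the adapter, while anything spliced into the SQL string (column names, ORDER BY fragments, hand-built conditions) is not and must come only from code or a whitelist.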