Wednesday, April 21, 2021

How can I prevent SQL injection in the following Rails query?

Data is a param in the statement below:

condition = params["id"].present? ? "employers.status = '#{params["id"].upcase}' and employers.task = '#{data.upcase}'" : "employers.task.rdu = '#{data.upcase}'"
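The interpolated condition from the question beside the two injection-safe forms that ActiveRecord's `where` accepts, as an added example that is not part of the original post. It runs in plain Ruby with no Rails installed: the `Employer` model, the `params` values and the attacker payload are assumed or constructed here, `present?`-style checks are hand-rolled, and `render_for_illustration` is a simplified stand-in for the database adapter's literal quoting, not ActiveRecord code.

```ruby
# Added example, not the original poster's code. Shows why string
# interpolation is injectable and what to hand to ActiveRecord instead.

# 1. The pattern from the question: user input spliced straight into SQL.
#    upcase changes case only; quote characters pass through untouched.
def vulnerable_condition(id, data)
  if id && !id.empty? # stand-in for ActiveSupport's present?
    "employers.status = '#{id.upcase}' and employers.task = '#{data.upcase}'"
  else
    "employers.task = '#{data.upcase}'"
  end
end

# 2. Placeholder form. The SQL template is a fixed string; the values
#    travel separately and are quoted by the adapter when the query runs:
#      Employer.where(*safe_condition_array(params["id"], data))
def safe_condition_array(id, data)
  if id && !id.empty?
    ["employers.status = ? AND employers.task = ?", id.upcase, data.upcase]
  else
    ["employers.task = ?", data.upcase]
  end
end

# 3. Hash form. ActiveRecord generates the SQL itself, so no string is
#    ever assembled from input:
#      Employer.where(safe_condition_hash(params["id"], data))
def safe_condition_hash(id, data)
  cond = { task: data.upcase }
  cond[:status] = id.upcase if id && !id.empty?
  { employers: cond }
end

# Simplified stand-in (assumption, not ActiveRecord) for what the adapter
# does with the placeholder form: each value becomes exactly one quoted
# literal, with any embedded single quote doubled.
def render_for_illustration(template, *values)
  parts = template.split("?", -1)
  raise ArgumentError, "placeholder/value count mismatch" unless parts.size == values.size + 1
  literals = values.map { |v| "'#{v.gsub("'", "''")}'" } + [""]
  parts.zip(literals).flatten.join
end

# Constructed attacker input: closes the quoted literal and appends a
# tautology so every row matches.
PAYLOAD = "x' or '1'='1".freeze

def demo(id = PAYLOAD, data = "backup")
  vuln = vulnerable_condition(id, data)
  tmpl, *binds = safe_condition_array(id, data)
  {
    vulnerable_sql: vuln,
    tautology_injected: vuln.include?("' OR '1'='1"),
    safe_template: tmpl,
    template_contains_payload: tmpl.include?("1'='1"),
    rendered_safe_sql: render_for_illustration(tmpl, *binds),
  }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |k, v| puts "#{k}: #{v}" }
end
```

In the rendered safe form the whole payload stays inside one string literal and is compared against `employers.status`, so the `OR '1'='1'` never reaches the parser as SQL. Two caveats: placeholders only protect values, so a column name or table name taken from `params` would still need to be checked against an allow-list; and `upcase` is kept here only to preserve the original behaviour, it is not a sanitiser.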
