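```ruby
class MoviesController < ApplicationController
  def search
    # UNSAFE: params[:title] is interpolated straight into the SQL text (SQL injection).
    movies = Movie.where("name = '#{params[:title]}'") # UNSAFE!
    # Safe: the value is passed as a bound parameter and quoted by ActiveRecord.
    # movies = Movie.where("name = ?", params[:title]) # safe
  end
end
```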
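A way to catch the unsafe form above in code review, as an added example that is not part of the original paste: a line-based heuristic that flags ActiveRecord query calls whose string literal contains an interpolation. `QUERY_METHODS`, `INTERPOLATED_CALL`, `find_interpolated_sql` and `SAMPLE` are names assumed for this illustration, and the sample source is constructed.

```ruby
# Added example: heuristic scanner for string interpolation inside
# ActiveRecord query calls. All names here are chosen for illustration.
QUERY_METHODS = %w[where having order group joins select find_by_sql].freeze

# A query method followed by a double-quoted literal that contains an
# interpolation marker before the literal's closing quote.
INTERPOLATED_CALL = /
  \.(?<meth>#{QUERY_METHODS.join('|')})   # .where, .order, ...
  \s*\(?\s*                                # optional opening parenthesis
  "(?:[^"\\]|\\.)*?\#\{                    # literal text, then an interpolation
/x

# Returns an array of {line:, method:, code:} for each suspicious call.
def find_interpolated_sql(source)
  source.each_line.with_index(1).filter_map do |text, lineno|
    code = text.strip
    next if code.start_with?("#")          # skip whole-line comments
    m = INTERPOLATED_CALL.match(code)
    m && { line: lineno, method: m[:meth], code: code }
  end
end

# Constructed sample: the controller from the paste with the safe form
# active as well, plus a commented-out call that must not be reported.
SAMPLE = <<~'RUBY'
  class MoviesController < ApplicationController
    def search
      movies = Movie.where("name = '#{params[:title]}'")
      movies = Movie.where("name = ?", params[:title])
      # movies = Movie.order("#{params[:sort]}")
    end
  end
RUBY

if __FILE__ == $PROGRAM_NAME
  find_interpolated_sql(SAMPLE).each do |f|
    puts "line #{f[:line]}: interpolated SQL in .#{f[:method]} -> #{f[:code]}"
  end
end
```

A line-based regex misses multi-line calls and SQL strings built in a variable first; a parser-based scanner such as Brakeman covers those cases.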