Advertisement

sql_injection.rb

saasbook

Jul 11th, 2012

202

0

Never

Add comment

Not a member of Pastebin yet? Sign Up, it unlocks many cool features!

Ruby 0.17 KB | None | 0 0

raw download clone embed print report

class MoviesController
def search
movies = Movie.where("name = '#{params[:title]}'") # UNSAFE!
# movies = Movie.where("name = ?", params[:title]) # safe
end
end

Advertisement

Add Comment

Please, Sign In to add comment

Advertisement

Public Pastes

delo-vcusa.ru: sticky
JavaScript | 49 sec ago | 1.84 KB
🤑 G2A.com Free Gift Card Guide May 2024 FIX 🎁
GetText | 16 min ago | 0.38 KB
xy_vss
C++ | 57 min ago | 4.67 KB
🤑 G2A.com Free Gift Card Guide May 2024 FIX 🤑
GetText | 1 hour ago | 0.39 KB
mongodb_streams
JavaScript | 1 hour ago | 0.58 KB
psql_notify
Go | 1 hour ago | 1.17 KB
дейкстра
C++ | 1 hour ago | 5.48 KB
youlikehitspass
PHP | 2 hours ago | 0.05 KB

Advertisement