What's the most recommended technique for guarding Rails HTTP params?
For example, something like this can obviously be dangerous (e.g. SQL
injection)
user_account = UserAccount.find(:first, :conditions => ["username =
?", params[:id])
I am about to write a home-grown validation routine to check for string
lengths, data types (e.g. numeric versus string, depending on what I'm
expecting), etc. but I wasn't sure if there are existing
plugins/libraries out there.
I was considering writing something like this:
id = validate_params(params[:id], "string", 10) # 10 being
max_length
--
Posted via http://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
