Ben, I suspect that you'll need to provide some more specific examples. I also suspect that you're possibly overthinking things a bit (possibly due to how you might have approached problems like this in previous languages/frameworks).
Robby

On Sat, Dec 20, 2008 at 3:09 PM, Ben Knight <[email protected]> wrote:
>
> Frederick Cheung wrote:
>> If you read the docs, you would know that this sanitizes parameters
>> precisely to guard against such injection :-)
>
> Sorry, guys; my bad. I should have explained that I'm probably least
> worried about ActiveRecord.find stuff (even though I threw that example
> up) and more worried about params in general (i.e. ones not passed to
> ActiveRecord.find) and also worried about
> ActiveRecord::Base.connection.select_all, count_by_sql, etc. I do have
> methods that accept params for non-ActiveRecord in a couple of places.
>
> I have used many of ActiveRecord's validation callbacks (e.g.
> validate_presence_of) but I'll dig deeper into those. However, I'm
> looking for a generic, non-ActiveRecord, params validation stuff. If
> you know of any, please let me know.
>
> Thanks again, everyone.
> --
> Posted via http://www.ruby-forum.com/.

--
Robby Russell
Chief Evangelist, Partner
PLANET ARGON, LLC
design // development // hosting
http://www.planetargon.com/
http://www.robbyonrails.com/
aim: planetargon
+1 503 445 2457
+1 877 55 ARGON [toll free]
+1 815 642 4068 [fax]

You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [email protected]
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
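The two things Ben is asking for, a framework-independent params check and a safe way to hand the checked values to `count_by_sql` or `select_all`, can be shown without ActiveRecord at all. The code below is an added example written for this thread; it is not Robby's, Ben's, or Rails' own code. The `ParamsValidator` class, its schema format and the `InvalidParams` error are assumptions of this example. The only Rails-specific point it relies on is that `count_by_sql` and `find_by_sql` accept an `[sql, bind, ...]` array and quote the binds themselves, while `connection.select_all` takes a finished string, so an array built this way has to go through `sanitize_sql_array` first before reaching `select_all`. Unknown keys (here a stray `admin` parameter) are dropped rather than passed through, and every violation is reported at once so the caller can return a single 4xx response.

```ruby
# Added example (not from the thread or from Rails): a small validator for a
# Rails-style params hash (string keys, string values), independent of
# ActiveRecord. The schema format and class names are this example's own.

class InvalidParams < ArgumentError; end

class ParamsValidator
  # schema example:
  #   "id"   => { :type => :integer, :required => true }
  #   "sort" => { :type => :string,  :in => %w[name created_at] }
  #   "q"    => { :type => :string,  :format => /\A[\w\s-]{0,64}\z/ }
  def initialize(schema)
    @schema = schema
  end

  # Returns a new hash holding only the declared keys, with values coerced to
  # the declared type. Keys that are not in the schema never reach the result.
  # Raises InvalidParams listing every problem found.
  def validate(params)
    errors = []
    clean  = {}
    @schema.each do |key, rule|
      raw = params[key]
      if raw.nil? || raw == ""
        errors << "#{key} is required" if rule[:required]
        next
      end
      value = coerce(key, raw, rule, errors)
      next if value.nil?
      if rule[:in] && !rule[:in].include?(value)
        errors << "#{key} must be one of #{rule[:in].join(', ')}"
        next
      end
      if rule[:format] && value.is_a?(String) && value !~ rule[:format]
        errors << "#{key} has an invalid format"
        next
      end
      clean[key] = value
    end
    raise InvalidParams, errors.join("; ") unless errors.empty?
    clean
  end

  private

  # Strict coercion: an integer must look like one from start to end, so
  # trailing text or embedded whitespace is rejected instead of truncated.
  def coerce(key, raw, rule, errors)
    case rule[:type]
    when :integer
      return raw.to_i if raw.to_s =~ /\A-?\d+\z/
      errors << "#{key} must be an integer"
      nil
    when :string
      raw.to_s
    else
      raise ArgumentError, "unknown type #{rule[:type].inspect} for #{key}"
    end
  end
end

SCHEMA = {
  "id"   => { :type => :integer, :required => true },
  "sort" => { :type => :string,  :in => %w[name created_at] },
  "q"    => { :type => :string,  :format => /\A[\w\s-]{0,64}\z/ }
}

def checked(params)
  ParamsValidator.new(SCHEMA).validate(params)
end

# The array shape count_by_sql / find_by_sql accept: the SQL text is a fixed
# literal and the validated values travel as binds, never interpolated.
def build_count_query(clean)
  ["SELECT COUNT(*) FROM users WHERE id > ? AND name = ?",
   clean["id"], clean["q"]]
end

# Constructed sample requests (not real traffic).
GOOD = { "id" => "42", "sort" => "name", "q" => "ben", "admin" => "1" }
BAD  = { "id" => "42abc", "sort" => "created_at desc" }

if __FILE__ == $0
  p checked(GOOD)                    # {"id"=>42, "sort"=>"name", "q"=>"ben"}
  p build_count_query(checked(GOOD)) # ["SELECT COUNT(*) ... = ?", 42, "ben"]
  begin
    checked(BAD)
  rescue InvalidParams => e
    puts "rejected: #{e.message}"
  end
end
```

The schema is deliberately an allowlist: a parameter that is not declared is silently dropped, and an enumerated value such as `sort` is compared against a fixed list rather than validated by pattern, which is the only safe way to let a request choose a column name, since a bind variable cannot stand in for an identifier.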

