Rails already has the logic built in to prevent SQL injection attacks, provided you use the right syntax.
Say you are trying to authenticate a user based on their login and password; you might be tempted to use a syntax like the one below:
User.first("login = '#{params[:name]}' AND password = '#{params[:password]}'")
If an attacker enters ' OR '1'='1 as the name, and ' OR '2'>'1 as the password, the resulting SQL query will be:
SELECT * FROM users WHERE login = '' OR '1'='1' AND password = '' OR '2'>'1' LIMIT 1
This will simply find the first record in the users table and grant access as that user.
To prevent this type of SQL injection, simply use the following format:
User.where("login = ? AND password = ?", entered_user_name, entered_password).first
or
User.where(:login => entered_user_name, :password => entered_password).first
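To see why the placeholder form is safe, the following added example (not code from the original post or from Rails itself) builds the same query both ways with the post's payload. The quote_literal function is a teaching stand-in for what the database adapter does when it binds a "?" parameter: it doubles embedded single quotes so the attacker's input can never close the string literal.

```ruby
# Added example (not from the original post): shows why string interpolation
# breaks and how "?" placeholders, as used by ActiveRecord's where, keep the
# attacker's quotes inside the literal. quote_literal mimics adapter-side
# quoting for a bound parameter; it is a stand-in, not ActiveRecord's own code.

# Build the query the way the vulnerable snippet does: raw interpolation.
def interpolated_query(name, password)
  "SELECT * FROM users WHERE login = '#{name}' AND password = '#{password}' LIMIT 1"
end

# Quote a value as a SQL string literal: wrap it in single quotes and double
# any embedded single quote so it cannot terminate the literal early.
def quote_literal(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

# Substitute each "?" with a quoted literal, the way
# where("login = ? AND password = ?", name, password) does.
def bound_query(template, *values)
  unless template.count("?") == values.size
    raise ArgumentError, "placeholder count does not match value count"
  end
  remaining = values.dup
  template.gsub("?") { quote_literal(remaining.shift) }
end

# The payload from the post, constructed here as sample input.
NAME_PAYLOAD = "' OR '1'='1"
PASSWORD_PAYLOAD = "' OR '2'>'1"
TEMPLATE = "SELECT * FROM users WHERE login = ? AND password = ? LIMIT 1"

if __FILE__ == $0
  # Interpolation: the quotes in the input become part of the SQL syntax.
  puts interpolated_query(NAME_PAYLOAD, PASSWORD_PAYLOAD)
  # Binding: the same input stays a harmless (and non-matching) string value.
  puts bound_query(TEMPLATE, NAME_PAYLOAD, PASSWORD_PAYLOAD)
end
```

The first line printed is exactly the injected query shown above; the second compares login against the literal string "' OR '1'='1", which no real account has.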