Month: September 2007
-
Create from params and secure searching
I ran into an issue. I have users created with User.create(params[:form]), and this is secure in terms of SQL injection. But how should I find a user by email using find with :conditions? The create method does not escape the @ sign, but :conditions => ["email = ?", params[:email]]) does escape it, so user@domain (inserted into the DB by the create method)…
-
Exception notification – must have for every Rails application
In every application I use an excellent plugin called exception notification. Well, in almost every one, since I forgot to include it in Run-N-Share. When my friend told me about an error he noticed in RNS, I had a moment of enlightenment, and now RNS works with the EN plugin. The exception notification plugin is a tool which enables…