ferromir · March 20, 2015 05:35
diff --git a/gistfile1.rb b/gistfile1.rb
 # This bypasses id == 1 condition and deletes all records

 params[:id] = "1) OR 1=1--"
 User.delete_all("id = #{params[:id]}")

 # Produce:
 # DELETE FROM "users" WHERE (id = 1) OR 1=1--)

 # Bad
 Project.where("name = '#{params[:name]}'")

 # Good
 Project.where("name = ?", params[:name])
	# This bypasses id == 1 condition and deletes all records

	params[:id] = "1) OR 1=1--"
	User.delete_all("id = #{params[:id]}")

	# Produce:
	# DELETE FROM "users" WHERE (id = 1) OR 1=1--)

	# Bad
	Project.where("name = '#{params[:name]}'")

	# Good
	Project.where("name = ?", params[:name])