ruby on rails does update_attributes protect against sql injection? | ansaurus

tags:

views:

11

answers:

0

Q:

ruby on rails does update_attributes protect against sql injection?

Does update_attributes protect against sql injection?

Example:

 if @user.update_attributes(params[:user])
     # updated
 end

I know find(), and {} and [] do in find :conditions, but didn't see any info on this method.

related questions

Backup SQL Schema Only?

Sql to query a dbs scheme

Timer-based event triggers

Sql query, count and group by

Paging SQL Server 2005 Results

SQL 2005 For XML Explicit - Need help formatting

How do I use T-SQL Group By

What all do I need to escape when sending a (My)SQL query?

Split String in SQL

Datatable vs Dataset

ASP.NET MVC "CRUD" Database Sample

Convert HashBytes to VarChar

Best Book for a new Database Developer

What is the best way to avoid SQL injection attacks?

What language do you use for Postgresql triggers and stored procedures?

What is the best way to handle multiple permission types?

How do I index a database field

Swap unique indexed column values in database.

cx_Oracle - what is the best way to iterate over a result set?

cx_Oracle - How do I access Oracle from Python?

Is there a version control system for database structure changes?

How to export data from SQL Server 2005 to MySQL

ASP.NET Site Maps

Decoding T-SQL CAST in C#/VB.net

Flat File Databases in PHP