user108031
Reputation: 35
Escaping Characters Rails
I want to escape the inputs to this form so that when its enter in the database characters like .'* won't affect the update. How would I encode the characters to achieve the goal stated above.
<% form_for @post, :url => {:action => :createInnovation } do |form| %>
<fieldset>
<p> Title: <br/><%= form.text_field :title, :html => {:class => "text ui-widget_content ui-corner-all" } %> </p>
<p> Description: <br/> <%= form.text_area :body, :html => {:class => "text ui-widget_content ui-corner-all" } %> </p>
</fieldset>
<%end%>
Upvotes: 0
Views: 627
Answers (1)
wgpubs
Reputation: 8261
ActiveRecord will automatically escape any characters as needed to prevent sql injection. Is that what you're concerned about? If so, Rails has you covered.
Upvotes: 4
Related Questions
- Escaping values in Rails (similar to mysql_real_escape_string())
- How to sanitize sql fragment in Rails
- Accessing string in database without adding escape characters
- Rails ActiveRecord sanitize_sql replaces ? in string
- Ruby on Rails: How to sanitize a string for SQL when not using find?
- Rails sanitize method adding double quotes
- Ruby/Rails - How do I prevent character escaping (or unescape afterwards)?
- How can I tell Rails to not encode special characters in a string?
- Ruby on Rails: How best to escape a string in a model?
- How to escape string in Ruby to protect against SQL Injection? (No Rails)