6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"Is this SQL statement vulnerable to SQL injection?\",\"text\":\"

My index action is

\\n\\n

def index\\n  @users = User.without_user(current_user)\\nend\\n

\\n\\n

where without_user is a scope

\\n\\n

scope :without_user, lambda {|user| where(\\\"id <> :id\\\", :id => user.id) }\\n

\\n\\n

I was wondering if this is the most secure way to implement this or is it vulnerable ?

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Ahmad Al-kheat\"},\"upvoteCount\":3,\"answerCount\":2,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"

looks fine. If the data is interpolated then it should be safe which looks like the case here.

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"AshwinKumarS\"},\"upvoteCount\":2}}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","sql",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/sql/1","children":"sql"}]}],["$","span","ruby-on-rails",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/ruby-on-rails/1","children":"ruby-on-rails"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://i.sstatic.net/nDtef.png?s=256","alt":"Ahmad Al-kheat","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/3247496/ahmad-al-kheat","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Ahmad Al-kheat"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",1795]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"Is this SQL statement vulnerable to SQL injection?"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

My index action is

\n\n

def index\n  @users = User.without_user(current_user)\nend\n

\n\n

where without_user is a scope

\n\n

scope :without_user, lambda {|user| where(\"id <> :id\", :id => user.id) }\n

\n\n

I was wondering if this is the most secure way to implement this or is it vulnerable ?

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",3]}],["$","p",null,{"children":["Views: ",91]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",2,")"]}],[["$","div","29100238",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/9c011260d48a16e9b40a802f837675fa?s=256&d=identicon&r=PG&f=y&so-version=2","alt":"user3118220","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/3118220/user3118220","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"user3118220"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",1468]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

It looks good, here sql injection will not work

\n\n

Note Additional, In Rails 4, you can use not syntax:

\n\n

scope :without_user, lambda {|user| where.not(id: user.id) }\n

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",2]}]}]]}],["$","div","29099424",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/2a1beeb83f38d8dc7c1499b686161613?s=256&d=identicon&r=PG","alt":"AshwinKumarS","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/1891599/ashwinkumars","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"AshwinKumarS"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",1313]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

looks fine. If the data is interpolated then it should be safe which looks like the case here.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",2]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","71766223",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/71766223","className":"text-blue-600 hover:underline","children":"Is this vulnerable to sql injection or not?"}]}],["$","li","60147443",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/60147443","className":"text-blue-600 hover:underline","children":"Is a given sql statement vulnerable to a sql injection attack?"}]}],["$","li","47325706",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/47325706","className":"text-blue-600 hover:underline","children":"Rails SQL injection vulnerability"}]}],["$","li","31899304",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/31899304","className":"text-blue-600 hover:underline","children":"Should this be considered an SQL injection risk?"}]}],["$","li","30427293",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/30427293","className":"text-blue-600 hover:underline","children":"SQL Injection in Rails"}]}],["$","li","29149025",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/29149025","className":"text-blue-600 hover:underline","children":"Could this ActiveRecord/SQL statement in my code base be susceptible to SQL injection?"}]}],["$","li","18326010",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/18326010","className":"text-blue-600 hover:underline","children":"Is this Ruby on Rails code vulnerable to SQL injection?"}]}],["$","li","15470457",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/15470457","className":"text-blue-600 hover:underline","children":"Rails: Sql injection concern?"}]}],["$","li","15399467",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/15399467","className":"text-blue-600 hover:underline","children":"Rails is this query open to sql injection?"}]}],["$","li","12127496",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/12127496","className":"text-blue-600 hover:underline","children":"Is this prone to SQL injection?"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

Is this SQL statement vulnerable to SQL injection?

Answers (2)

Related Questions