djburdick
Reputation: 11950
rails 3 sanitize sql in offset method
offset = params[:offset]
Player.order('rank desc').
limit(RESULTS_PER_PAGE).
offset(['?', offset])
I want to sanitize the offset that is sent by the user. The above seems to work in where methods, but doesn't work here.
Ideas on how to sanitize this offset without writing out the whole query?
Upvotes: 1
Views: 481
Answers (1)
Franck Verrot
Reputation: 1041
You could use offset = params[:offset].to_i as explained in Rails' Security Mailing List
Upvotes: 2
Related Questions
- Rails sanitize user input in active record query
- ActiveRecord#sanitize_sql_array method changes integer to string
- How to sanitize sql fragment in Rails
- sanitize_sql_array in Rails 4
- rails sanitize for subquery
- Rails, how to sanitize SQL in find_by_sql
- How can I sanitise this SQL query?
- How to sanitize raw SQL in Rails 4
- How to Sanitize the SQL in Rails?
- Sanitize SQL in custom conditions