github/rails
1
1
Fork 0
mirror of https://github.com/github/rails.git synced 2026-04-26 03:00:59 -04:00
Code Issues Packages Projects Releases Wiki Activity

Replace example with SQL placeholder syntax.

Browse Source 
This works just fine, is less code, and reduces the risk of someone implementing a SQL injection vulnerability.
This commit is contained in:
Joost Baaij
2011-11-08 16:27:15 +01:00
parent 979f3f894b
commit 1ffd5ec910
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
railties/guides/source/association_basics.textile
View File

@@ -1234,7 +1234,7 @@ If you need to evaluate conditions dynamically at runtime, use a proc:
<ruby>
class Customer < ActiveRecord::Base
has_many :latest_orders, :class_name => "Order",
:conditions => proc { "orders.created_at > #{10.hours.ago.to_s(:db).inspect}" }
:conditions => proc { ["orders.created_at > ?, 10.hours.ago] }
end
</ruby>