
Update active_record_querying.md

he or she => they
guilleiguaran committed Dec 2, 2013
1 parent 8f7f1ce commit 8a930f8aa5c3ec963a8f6063ec742f889919df4e
Showing with 1 addition and 1 deletion.
  1. +1 −1 guides/source/active_record_querying.md
@@ -436,7 +436,7 @@ to this code:
Client.where("orders_count = #{params[:orders]}")
```
because of argument safety. Putting the variable directly into the conditions string will pass the variable to the database **as-is**. This means that it will be an unescaped variable directly from a user who may have malicious intent. If you do this, you put your entire database at risk because once a user finds out he or she can exploit your database they can do just about anything to it. Never ever put your arguments directly inside the conditions string.
because of argument safety. Putting the variable directly into the conditions string will pass the variable to the database **as-is**. This means that it will be an unescaped variable directly from a user who may have malicious intent. If you do this, you put your entire database at risk because once a user finds out they can exploit your database they can do just about anything to it. Never ever put your arguments directly inside the conditions string.
TIP: For more information on the dangers of SQL injection, see the [Ruby on Rails Security Guide](security.html#sql-injection).
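Review bot: The only change in this hunk is the pronoun swap "he or she" to "they" in the sentence about exploiting the database, and the rest of that sentence already uses "they" ("they can do just about anything to it"), so the edit makes the pronouns consistent without touching any technical content. The surrounding warning (the interpolated-string `where` call passes `params[:orders]` unescaped) and the TIP link to the security guide are unchanged, so nothing further is needed here.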
