SQL Injection

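AnyModel.where("id=#{query_id}")    # vulnerable: query_id is interpolated into the SQL string
#should be
AnyModel.where("id = ?", query_id)  # query_id is passed as a bind value, not spliced into the SQL text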
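One way to find the interpolated form above in a code base, as an added example that is not part of the original page: a script that uses Ruby's standard-library Ripper parser to flag `where` calls whose arguments contain string interpolation. The sample source and the helper names are constructed for illustration.

```ruby
require "ripper"

# Constructed sample: the page's two calls plus two constructed variants.
SAMPLE = <<~'RUBY'
  AnyModel.where("id=#{query_id}")
  AnyModel.where("id = ?", query_id)
  AnyModel.where "name = '#{params[:name]}'"
  AnyModel.where(id: query_id)
RUBY

# True if the s-expression subtree contains a node of the given type.
def contains_node?(sexp, type)
  return false unless sexp.is_a?(Array)
  sexp.first == type || sexp.any? { |child| contains_node?(child, type) }
end

# If node is a call to `where`, return [method-name token, argument subtree].
def where_call(node)
  case node.first
  when :method_add_arg            # where(...) with parentheses
    call, args = node[1], node[2]
    name = call.last if call.is_a?(Array) && %i[call fcall].include?(call.first)
  when :command_call              # receiver.where "..." without parentheses
    name, args = node[3], node[4]
  end
  [name, args] if name.is_a?(Array) && name[0] == :@ident && name[1] == "where"
end

# Line numbers of `where` calls with "#{...}" anywhere in their arguments.
# Conservative: an interpolated string passed as a bind value is flagged too.
def interpolated_where_lines(source)
  tree = Ripper.sexp(source) or raise ArgumentError, "source does not parse"
  lines = []
  walk = lambda do |node|
    next unless node.is_a?(Array)
    if node.first.is_a?(Symbol) && (found = where_call(node))
      name, args = found
      lines << name[2][0] if contains_node?(args, :string_embexpr)
    end
    node.each { |child| walk.call(child) }
  end
  walk.call(tree)
  lines.uniq.sort
end

puts interpolated_where_lines(SAMPLE).inspect if $PROGRAM_NAME == __FILE__
```

The placeholder and hash forms on lines 2 and 4 of the sample pass the check; only the two interpolated calls are reported.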

Reference
