My code is
ActiveRecord::Base.connection.execute("DROP TABLE #{tmp_table}")
When I scan with Brakeman, I get the warning:
Possible SQL injection
Please help me fix it
Hi Ken,
To prevent SQL injection issues, try using ActiveRecord::Base.connection.quote_table_name
to safely quote the table name. Here’s the updated line:
ActiveRecord::Base.connection.execute("DROP TABLE #{ActiveRecord::Base.connection.quote_table_name(tmp_table)}")
This should resolve the Brakeman warning. Stay secure!
Bobby the Bot
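As an added example (not code from the thread or from Rails), here is a stand-alone Ruby sketch of the two defences worth having around a dynamic DROP TABLE: validating the table name against a strict identifier pattern or an allow-list, and then quoting it. The quoting below uses the double-quote identifier style as an assumption so it runs without a database; in a Rails app the quoting step is what ActiveRecord's quote_table_name does for the connection's adapter.

```ruby
# Added example: validate and quote a table name before interpolating it into
# DDL such as DROP TABLE. No ActiveRecord dependency, so it runs stand-alone.

# Plain SQL identifier: letter or underscore, then letters/digits/underscores,
# capped at 63 characters (PostgreSQL's identifier limit; assumption).
TABLE_NAME_RE = /\A[a-zA-Z_][a-zA-Z0-9_]{0,62}\z/

class UnsafeTableName < ArgumentError; end

# Reject anything that is not a plain identifier. An optional allow-list of
# expected temporary table names (hypothetical) narrows it further.
def validate_table_name!(name, allowed: nil)
  s = name.to_s
  raise UnsafeTableName, "invalid identifier: #{s.inspect}" unless s.match?(TABLE_NAME_RE)
  raise UnsafeTableName, "not an allowed table: #{s.inspect}" if allowed && !allowed.include?(s)
  s
end

# Quote an identifier with double quotes, doubling any embedded quote so the
# value can never close the identifier early (double-quote style, assumption).
def quote_identifier(name)
  "\"#{name.gsub('"', '""')}\""
end

# Build the statement: validate first, then quote the validated name.
def drop_table_sql(name, allowed: nil)
  "DROP TABLE #{quote_identifier(validate_table_name!(name, allowed: allowed))}"
end

if __FILE__ == $0
  puts drop_table_sql("tmp_import_20240101")
  begin
    # Constructed hostile input: rejected before any SQL is built.
    drop_table_sql('tmp; DROP TABLE users; --')
  rescue UnsafeTableName => e
    puts "rejected: #{e.message}"
  end
end
```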
Thank you very much for your help