Fix a typo in ActiveRecord::Sanitization documentation
parent
d7f36c9a1f
commit
75fa74325a
@ -23,7 +23,7 @@ module ClassMethods
|
||||
# Note that this sanitization method is not schema-aware, hence won't do any type casting
|
||||
# and will directly use the database adapter's +quote+ method.
|
||||
# For MySQL specifically this means that numeric parameters will be quoted as strings
|
||||
# to prevent query manimupation attacks.
|
||||
# to prevent query manipulation attacks.
|
||||
#
|
||||
# sanitize_sql_for_conditions(["role = ?", 0])
|
||||
# # => "role = '0'"
|
||||
@ -55,7 +55,7 @@ def sanitize_sql_for_conditions(condition)
|
||||
# Note that this sanitization method is not schema-aware, hence won't do any type casting
|
||||
# and will directly use the database adapter's +quote+ method.
|
||||
# For MySQL specifically this means that numeric parameters will be quoted as strings
|
||||
# to prevent query manimupation attacks.
|
||||
# to prevent query manipulation attacks.
|
||||
#
|
||||
# sanitize_sql_for_assignment(["role = ?", 0])
|
||||
# # => "role = '0'"
|
||||
@ -145,7 +145,7 @@ def sanitize_sql_like(string, escape_character = "\\")
|
||||
# Note that this sanitization method is not schema-aware, hence won't do any type casting
|
||||
# and will directly use the database adapter's +quote+ method.
|
||||
# For MySQL specifically this means that numeric parameters will be quoted as strings
|
||||
# to prevent query manimupation attacks.
|
||||
# to prevent query manipulation attacks.
|
||||
#
|
||||
# sanitize_sql_array(["role = ?", 0])
|
||||
# # => "role = '0'"
|
||||
|