Forum Discussion

Wilburritos
4 days ago
Solved

Rails: SQL Injection (Bugged?)

IDK what's going on with this lab, but sometimes it tells me my code works and sometimes it tells me it doesn't. The instructions tell you exactly what to do; I follow those and it still claims it's insecure. Is there something else that needs to be done with this?

I can post the code that I'm trying to submit if someone would like, but I was able to do all the ones before very easily, and the one right after, but this one either has something else that needs to be done that isn't clearly stated, or it's bugged.


  • I was able to complete the lab by using an InPrivate browser. Then it showed me that my code didn't work, so I was able to find the syntax error. After looking into it, having the "Input sanitization" when defining routes was the issue.

    The code works and is secure when I use the command below on line 9.

    @routes = current_user.routes.where("title LIKE ?", "%#{params[:search]}%")

    When mentioning something for the first time in a lab, it's not a good idea to show an example of an OBR that is wrong. That was confusing and should be clarified/adjusted.


    Input sanitization

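The parameterised where call in the reply above is safe because the search term travels as a bind value and never becomes part of the SQL text; the lab's confusion comes from interpolating into the SQL string instead of into the bound value. The Ruby below is an added example, not the lab's or the poster's code: quote_value and bind_sql are assumed stand-ins that approximate how ActiveRecord quotes a "?" placeholder, and sanitize_like approximates ActiveRecord::Base.sanitize_sql_like so a user-typed % or _ matches literally.

```ruby
# Added example, not the lab's or the poster's code. quote_value and
# bind_sql are stand-ins that approximate ActiveRecord's quoting of a
# "?" placeholder; they are not ActiveRecord itself.

# Quote a value the way SQL expects inside single quotes (' becomes '').
def quote_value(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

# Stand-in for where("... ?", value): each ? is replaced by the quoted
# bind value, so user input can never terminate the string literal.
def bind_sql(template, *values)
  pending = values.dup
  template.gsub("?") { quote_value(pending.shift) }
end

# Stand-in for ActiveRecord::Base.sanitize_sql_like: escape the LIKE
# metacharacters so "%" and "_" typed by a user match themselves.
def sanitize_like(value, escape = "\\")
  value.gsub(/[\\%_]/) { |c| escape + c }
end

# Vulnerable shape: the search term is spliced into the SQL text itself,
# so a quote in the input ends the literal early.
def vulnerable_where(search)
  "title LIKE '%#{search}%'"
end

# Hardened shape (what the reply's line 9 does): the wildcards are added
# to the bind value, and only the bind value carries user input.
def safe_where(search)
  bind_sql("title LIKE ? ESCAPE '\\'", "%#{sanitize_like(search)}%")
end

if __FILE__ == $PROGRAM_NAME
  term = "O'Brien_50%" # constructed sample input containing ', _ and %
  puts vulnerable_where(term) # quote breaks out of the literal
  puts safe_where(term)       # quote is doubled, wildcards escaped
end
```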