Forum Discussion
Rails: SQL Injection (Bugged?)
- 17 days ago
I was able to complete the lab by using an InPrivate browser. Then it showed me that my code didn't work, so I was able to find the syntax error. After looking into it, having the "Input sanitization" when defining routes was the issue.
The code works and is secure when I use the command below on line 9.
@routes = current_user.routes.where("title LIKE ?", "%#{params[:search]}%")
When mentioning something for the first time in a lab it's not a good idea to show an example of an OBR that is wrong. That was confusing and should be clarified/adjusted.
Input sanitization
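The post above contrasts the interpolated `LIKE` query that failed the lab with the `?`-placeholder form that passed. The following is an added example, not code from the lab or from the poster: a minimal pure-Ruby stand-in for ActiveRecord's positional placeholder binding, so the difference can be run without Rails or a database. The helper names (`quote_sql_string`, `sanitize_like`, `bind_placeholders`), the `routes` table and the constructed attacker input are all assumptions made for the illustration; the quoting mimics single-quote SQL literals as SQLite/PostgreSQL use them.

```ruby
# Added example (not the lab's code): shows why interpolating params[:search]
# into the SQL text is injectable and why passing it through a "?" placeholder
# is not. Pure Ruby; no Rails, ActiveRecord or database required.

# Quote a Ruby value as a SQL string literal: wrap in single quotes and double
# any embedded single quote, so a quote in user input cannot close the literal
# early and turn the rest of the input into SQL.
def quote_sql_string(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

# Escape LIKE metacharacters so a user typing "%" or "_" matches them literally
# rather than as wildcards. Same job as ActiveRecord::Base.sanitize_sql_like;
# assumes "\" is declared as the ESCAPE character in the query.
def sanitize_like(value)
  value.to_s.gsub(/[\\%_]/) { |m| "\\" + m }
end

# Bind positional "?" placeholders the way where("... ?", v) does: each value
# becomes one whole quoted literal and is never spliced in as raw SQL.
def bind_placeholders(template, *values)
  unless template.count("?") == values.length
    raise ArgumentError, "placeholder/value count mismatch"
  end
  vals = values.dup
  template.gsub("?") { quote_sql_string(vals.shift) }
end

# The injectable shape: the search term is interpolated into the SQL text.
# (Hypothetical "routes" table; user_id stands in for current_user scoping.)
def vulnerable_query(search)
  "SELECT * FROM routes WHERE user_id = 1 AND title LIKE '%#{search}%'"
end

# The shape that passed the lab: the wildcard-wrapped term goes through "?".
def safe_query(search)
  bind_placeholders(
    "SELECT * FROM routes WHERE user_id = 1 AND title LIKE ?",
    "%#{search}%"
  )
end

# Same, with LIKE wildcards in the user's term escaped so "%" is literal.
def safe_query_literal(search)
  bind_placeholders(
    "SELECT * FROM routes WHERE user_id = 1 AND title LIKE ? ESCAPE '\\'",
    "%#{sanitize_like(search)}%"
  )
end

if __FILE__ == $0
  payload = "x%' OR 1=1 --"   # constructed attacker input, not real lab data
  puts vulnerable_query(payload)      # OR 1=1 becomes live SQL
  puts safe_query(payload)            # quote is doubled, stays inside literal
  puts safe_query_literal("50%_off")  # % and _ escaped, matched literally
end
```

The binding in `safe_query` stops the injection, but note that `%` and `_` typed by the user are still interpreted as wildcards; that is a result-scoping problem rather than an injection, and `safe_query_literal` shows the extra escaping step if the lab's intent is a literal substring match.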