https://github.com/paractmol/cuttable
Escape SQL injection when you order with params
- Host: GitHub
- URL: https://github.com/paractmol/cuttable
- Owner: paractmol
- Created: 2018-01-11T15:49:53.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2018-01-12T10:22:07.000Z (about 8 years ago)
- Last Synced: 2025-02-22T13:51:18.312Z (about 1 year ago)
- Language: Ruby
- Size: 7.81 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# cuttable
Escape SQL injection when you order with params
## Getting started
1. Add the gem to your Gemfile:
```ruby
gem 'cuttable'
```
2. Include the concern and call `default_order` to set the fallback order that `sanitize_order` returns when it rejects the requested one.
```ruby
class User < ActiveRecord::Base
  include Cuttable           # include the concern
  default_order 'id desc'    # fallback order used by sanitize_order
end
```
## Usage
```ruby
# good queries: plain column names with an optional direction pass through
params[:order] = 'id DESC'
User.sanitize_order(params[:order])

params[:order] = 'id, username DESC'
User.sanitize_order(params[:order])

# bad query: an injected subquery smuggled into the ORDER BY clause
params[:order] = 'id, (select sleep(2000) from dual where database() like database())#'
# it should back off to the default query you set with default_order
User.sanitize_order(params[:order])
```
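The README shows the API but not how the rejection works. The following is an added example, not the cuttable gem's own code: a stand-in `SafeOrder` concern with the same `default_order` / `sanitize_order` shape that only accepts comma-separated terms of an allow-listed column plus an optional `ASC`/`DESC`, and falls back to the default otherwise. The `orderable_columns` hook and the `User` class are constructed for this example; the real gem may derive its allowed columns differently.

```ruby
# Added example (not the cuttable gem's code): an allow-list ORDER BY sanitizer
# with the same method names as the README, usable without ActiveRecord.
module SafeOrder
  # One "column [ASC|DESC]" term. Bare identifiers only: functions, parentheses,
  # semicolons and comment markers can never match this pattern.
  TERM = /\A([a-z_][a-z0-9_]*)(?:\s+(asc|desc))?\z/i

  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # Sets (or reads) the fallback returned when the requested order is rejected.
    def default_order(value = nil)
      @default_order = value if value
      @default_order
    end

    # Columns a client may order by (assumed hook; constructed for this example).
    def orderable_columns(*names)
      @orderable_columns = names.map(&:to_s) if names.any?
      @orderable_columns || []
    end

    # Returns a normalized "col DIR, col DIR" string, or default_order as soon as
    # any comma-separated term is not an allow-listed column with an optional direction.
    def sanitize_order(order)
      return default_order if order.nil? || order.strip.empty?
      order.split(',').map do |raw|
        m = TERM.match(raw.strip)
        return default_order unless m && orderable_columns.include?(m[1].downcase)
        "#{m[1].downcase} #{(m[2] || 'asc').upcase}"
      end.join(', ')
    end
  end
end

# Constructed model standing in for an ActiveRecord class.
class User
  include SafeOrder
  default_order 'id desc'
  orderable_columns :id, :username, :created_at
end

# The README's inputs plus two more hostile ones; all untrusted input is rejected whole.
User.sanitize_order('id DESC')                   # => "id DESC"
User.sanitize_order('id, username DESC')         # => "id ASC, username DESC"
User.sanitize_order('id, (select sleep(2000) from dual where database() like database())#') # => "id desc"
User.sanitize_order('id DESC; DROP TABLE users') # => "id desc"
```

Because the whole request is discarded on the first bad term, an attacker cannot slip a payload in after a valid column; `password` or any other column not in the allow list is rejected the same way.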