I was talking with Kate, of Maploser fame, about how hard it is to find posts on protecting Ruby code from SQL injection. Kate, having incredible researching abilities, found this nice little tidbit in Ruby: Quick Visual Start http://my.safaribooksonline.com/9780321580658
```ruby
# The ? placeholders are bound to variable1 and variable2 by the driver,
# so the values are never spliced into the SQL text.
db.execute("INSERT into testing (bogus, foo) values (?, ?)", variable1, variable2)
```
This should work if you are using sqlite3, which happens to be what I am using at the moment.
Bonus note: if you are installing sqlite3 on Windows and you get an error saying it can't find the file, copy sqlite3.dll into the Ruby bin folder. I may have blogged that before, but it never hurts to say it again.