Join Kevin Skoglund for an in-depth discussion in this video, Escaping input, part of Ruby on Rails 3 Essential Training.
We've talked about escaping input already back in the chapter on Active Record, where we learned about conditions, but it's an important enough topic to mention again here in the context we're working with: forms. Our concern about escaping input is that a malicious hacker might try to put some SQL code into one of our form fields, and then, when our form is submitted, instead of executing the SQL that we had planned, our application runs the SQL that the hacker injected. That's why it's called SQL injection. I have given you just a very simple example, where the parameter comes in as username. If we just drop that parameter into the string "username =", then it will construct SQL that will always return true.

It won't actually do what we intended. It will do what the hacker intended instead. This is a very simple example. There are lots more complex ones. We can end up having data stolen or deleted. The solution is a simple one. We just have to be very careful to always do it, and that is to escape all user-entered data.
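The contrast the video describes, as an added example that is not part of the course: a query built by dropping the username parameter straight into the string, next to one where the value is bound as data. The `bind_sql`/`quote_sql` helpers are a simplified stand-in for what Active Record does when you write `where("username = ?", params[:username])` (or the hash form `where(username: params[:username])`); in a real Rails app use those, not this helper.

```ruby
# Added example (not from the course). `bind_sql` imitates the `?` placeholder
# binding that Active Record conditions provide; it is a teaching stand-in only.

# Escape one value the way a SQL driver does: double any embedded single quote
# and wrap the result in quotes, so the database can only read it as a string.
def quote_sql(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

# Replace each `?` in the template with the next quoted value.
def bind_sql(template, *values)
  raise ArgumentError, "placeholder count mismatch" unless template.count("?") == values.size
  vals = values.dup
  template.gsub("?") { quote_sql(vals.shift) }
end

# UNSAFE: the pattern the video warns about. Whatever the form sends becomes
# part of the SQL text, so it can change the meaning of the WHERE clause.
def unsafe_query(username)
  "SELECT * FROM users WHERE username = '#{username}'"
end

# SAFE: the form value is bound as data and stays inside its quotes.
def safe_query(username)
  bind_sql("SELECT * FROM users WHERE username = ?", username)
end

# Constructed sample form inputs
LEGIT   = "o'brien"        # a legitimate name that happens to contain a quote
HOSTILE = "x' OR 'a'='a"   # input that tries to make the condition always true

if __FILE__ == $0
  puts unsafe_query(LEGIT)    # broken SQL: the apostrophe unbalances the quotes
  puts unsafe_query(HOSTILE)  # the WHERE clause now matches every row
  puts safe_query(LEGIT)      # username = 'o''brien'
  puts safe_query(HOSTILE)    # username = 'x'' OR ''a''=''a'  (just a string)
end
```

Note that the legitimate input breaks the unsafe version too; escaping is about correctness for every user, not only about attackers.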
- Understanding MVC (Model View Controller ) architecture
- Routing browser requests through the framework
- Responding to requests with dynamic content
- Defining associations and database relationships
- Creating, reading, updating and deleting records
- Working with forms
- Validating form data
- Reviewing built-in security features
- Authenticating users and managing user access
- Debugging and error handling