Open cpiazza opened 3 years ago
Using raw SQL should be avoided as much as possible in favor of ActiveRecord. Also, in this form the user input is not sanitized and thus presents a security risk. Please remove the raw SQL in favor of ActiveRecord statements.
https://github.com/vishal-gh/TodoApp/blob/da395eb5f57e2bf966c7fe618bc7f8f2a99a62ec/app/controllers/search_controller.rb#L25
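An added illustration of the point raised above, not code from the TodoApp repository (the search controller line itself is not quoted here): the string-interpolated form puts the search term into the SQL text, while the `where("... ?", value)` form ActiveRecord offers keeps the SQL text fixed and ships the value as a bind. The table `todos`, column `title` and a constructed search term are assumptions; the stand-alone `sanitize_like` mirrors `ActiveRecord::Base.sanitize_sql_like` so the snippet runs without Rails.

```ruby
# Builds the query the way the review objects to: the term is spliced into the
# SQL text, so a quote or wildcard in user input changes the statement itself.
# Table and column names are assumed for this illustration.
def search_sql_unsafe(term)
  ["SELECT * FROM todos WHERE title LIKE '%#{term}%'", []]
end

# Escapes LIKE metacharacters so the term is matched literally; a stand-alone
# copy of what ActiveRecord::Base.sanitize_sql_like does (default escape "\").
def sanitize_like(term)
  term.gsub(/[\\%_]/) { |ch| "\\#{ch}" }
end

# The shape that
#   Todo.where("title LIKE ?", "%#{Todo.sanitize_sql_like(term)}%")
# produces: constant SQL text with a placeholder, the value passed as a bind.
# ESCAPE is spelled out because not every database defaults to "\".
def search_sql_safe(term)
  sql = "SELECT * FROM todos WHERE title LIKE ? ESCAPE '\\'"
  [sql, ["%#{sanitize_like(term)}%"]]
end

# Review check: does the SQL text change with the input? For a safe builder the
# answer must be false, whatever the inputs look like.
def query_text_varies?(builder, inputs)
  inputs.map { |term| builder.call(term).first }.uniq.size > 1
end

if __FILE__ == $0
  ["O'Brien", "100%"].each do |term|
    puts "unsafe: #{search_sql_unsafe(term).first}"
    sql, binds = search_sql_safe(term)
    puts "safe:   #{sql}  binds=#{binds.inspect}"
  end
end
```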
Fixed.