So, I know that Rails helps protect against SQL injection when used as follows:
Object.find(:first, :conditions=>["name=?",name])
However, I cannot find out whether the auto-generated methods find_by and find_all_by protect against injection of SQL.
i.e.:
Object.find_by_name(name)
Thus, these two calls have the same result. My question is: even though the second is more convenient, should I continue to use the first because it provides protection against SQL injection, or does the second do it too?