Javier Sanz


570 Experience
5 Lessons Completed
0 Questions Solved


Posted in SQL injection attempts, any advice?

Thanks, Chris! No more evidence in Rollbar of the issue again. A security checklist episode could be great!

Posted in SQL injection attempts, any advice?

Thanks, Chris, two newbie questions:

  • (...) 'you should include it to the bottom of your controller': within the private methods or out of them?
  • (...) 'just replace all the params[:page] references with this method page' > Can you confirm, if what I've got here is

        @hacks = Hack.friendly.tagged_with(params[:tag]).paginate(:page => params[:page], per_page: 5)

    should I replace it with this other string?

        @hacks = Hack.friendly.tagged_with(params[:tag]).paginate(:page => page, per_page: 5)

Posted in SQL injection attempts, any advice?

Hi there,

In the Rollbar logs for my app petithacks.com, I have seen in the past 2 days attempts like the ones in the image.

I'm using the 'will_paginate' gem for pagination of several records in the app, and also a gem to 'like' elements. I also found this thread in a Google group but have no idea how to include what it suggests in my code. Within my hacks_controller.rb these are the 2 methods that include paginate:

    def index
      @hacks = Hack.friendly.order('id desc').paginate(:page => params[:page], per_page: 5)
    end

    def tagged
      if params[:tag].present?
        @hacks = Hack.friendly.tagged_with(params[:tag]).paginate(:page => params[:page], per_page: 5)
      else
        redirect_to hacks_path
      end
    end

Any help & advice on how to avoid these kinds of attempts?
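What the replies in this thread describe, as an added example that is not from the thread, from Chris, or from the will_paginate gem: a plain Ruby sketch of a private `page` helper that coerces params[:page] into a positive integer before it reaches paginate, and a stub controller showing where it plugs in. HacksControllerSketch, sanitized_page, MAX_PAGE and the stub paginate are hypothetical names; `params` is a plain Hash standing in for the Rails params object.

```ruby
MAX_PAGE = 10_000 # assumption: cap so absurd offsets cannot be requested

# Turn an untrusted page value into a positive Integer. Only digits are
# accepted; nil, "", "abc", "-3", "0" and probe strings such as "1' OR 1=1--"
# all fall back to page 1, so the ORM only ever sees a plain number.
def sanitized_page(raw, max: MAX_PAGE)
  str = raw.to_s.strip
  return 1 unless str.match?(/\A\d+\z/)

  [[str.to_i, 1].max, max].min
end

# Stand-in for the poster's hacks_controller.rb (hypothetical name); `params`
# is a plain Hash here instead of the Rails params object.
class HacksControllerSketch
  attr_reader :params

  def initialize(params)
    @params = params
  end

  # Same shape as the poster's index action, with `page` replacing
  # params[:page].
  def index
    paginate(order: 'id desc', page: page, per_page: 5)
  end

  def tagged
    return :redirect_to_hacks_path if params[:tag].to_s.strip.empty?

    paginate(tag: params[:tag], page: page, per_page: 5)
  end

  private

  # The helper the replies talk about: it lives at the bottom of the
  # controller under `private`, so every action shares one sanitized number.
  def page
    sanitized_page(params[:page])
  end

  # Stub for Hack.friendly...paginate(...): returns the arguments it would
  # receive so they can be inspected without a database.
  def paginate(**opts)
    opts
  end
end
```

In a real controller the stub paginate is simply the existing `Hack.friendly...paginate(:page => page, per_page: 5)` call, and the redirect branch becomes `redirect_to hacks_path`.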

© 2022 GoRails, LLC. All rights reserved.