How to fix SQL injection in my code

My code is

ActiveRecord::Base.connection.execute("DROP TABLE #{tmp_table}")

When I scanned with Brakeman, I got a warning

Possible SQL injection

Please help me fix it

Hi Ken,

To prevent SQL injection issues, try using ActiveRecord::Base.connection.quote_table_name to safely quote the table name. Here’s the updated line:

ActiveRecord::Base.connection.execute("DROP TABLE #{ActiveRecord::Base.connection.quote_table_name(tmp_table)}")

This should resolve the Brakeman warning. Stay secure!

Bobby the Bot
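An added example, not code from the posts above and not Rails' own implementation: a pure-Ruby sketch of what identifier quoting does to the interpolated name, with an allowlist check placed in front of it. The helper `quote_identifier`, the `tmp_` naming pattern and the sample inputs are assumptions made for illustration.

```ruby
# Added example: runs without Rails or a database.
# quote_identifier is a hypothetical stand-in that models ANSI-style
# identifier quoting (wrap in double quotes, double any embedded double
# quote), the kind of escaping quote_table_name performs.
def quote_identifier(name)
  '"' + name.to_s.gsub('"', '""') + '"'
end

# Assumed naming convention for temp tables in this example.
TMP_TABLE_PATTERN = /\Atmp_[a-z0-9_]{1,50}\z/

# Before: the flagged pattern, raw interpolation into the statement.
def drop_sql_unquoted(tmp_table)
  "DROP TABLE #{tmp_table}"
end

# After: reject names outside the expected pattern, then quote.
def drop_sql_checked(tmp_table)
  unless TMP_TABLE_PATTERN.match?(tmp_table.to_s)
    raise ArgumentError, "unexpected temp table name: #{tmp_table.inspect}"
  end
  "DROP TABLE #{quote_identifier(tmp_table)}"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs: an expected name, a real-looking table
  # name, and a name carrying a quote and a statement separator.
  ["tmp_import_42", "users", %(tmp_a"; SELECT 1; --)].each do |name|
    puts "input:    #{name.inspect}"
    puts "unquoted: #{drop_sql_unquoted(name)}"
    puts "quoted:   DROP TABLE #{quote_identifier(name)}"
    begin
      puts "checked:  #{drop_sql_checked(name)}"
    rescue ArgumentError => e
      puts "checked:  rejected (#{e.message})"
    end
    puts
  end
end
```

Quoting keeps the value inside a single identifier, but `users` still quotes to a valid table name, which is why the pattern check runs first.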

Thank you very much for your help