h2. Sanitizing attributes

Keeping an Active Record model secure is mostly about sanitizing the attributes when performing database updates. The most common attack we want to guard against is SQL injection, in which attacker-controlled input breaks out of the current SQL statement so that a different, malicious statement is executed instead. You can have Active Record do the sanitizing for you by using the array-interpolation form when specifying conditions in find, and attributes used for inserts are sanitized automatically. Read more in "ActiveRecord::Base":http://ar.rubyonrails.org/classes/ActiveRecord/Base.html
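To show what the array-interpolation form buys you, here is an added, stand-alone example (not code from Rails or Active Record) that reimplements the placeholder quoting behind conditions such as @["name = ?", name]@ and contrasts it with raw string interpolation. The helper names @quote_sql_value@, @sanitize_sql_array@ and @unsafe_condition@ are assumptions for this illustration; Active Record is not loaded.

```ruby
# Added example, not Rails' own code: a minimal reimplementation of the
# array-interpolation quoting Active Record applies to find conditions,
# e.g. find(:all, :conditions => ["name = ?", name]). Helper names are
# hypothetical; Active Record is not loaded, so this runs stand-alone.

# Quote a Ruby value as an SQL literal; single quotes inside strings are
# doubled so the value can never terminate the literal early.
def quote_sql_value(value)
  case value
  when nil            then "NULL"
  when Integer, Float then value.to_s
  when true           then "1"
  when false          then "0"
  else "'" + value.to_s.gsub("'", "''") + "'"
  end
end

# Array form: first element is the statement with ? placeholders, the rest
# are the values substituted in order, each one quoted. A mismatch between
# placeholders and values is rejected rather than silently producing SQL.
def sanitize_sql_array(condition)
  statement, *values = condition
  placeholders = statement.count("?")
  unless placeholders == values.size
    raise ArgumentError,
          "wrong number of bind variables (#{values.size} for #{placeholders})"
  end
  remaining = values.dup
  statement.gsub("?") { quote_sql_value(remaining.shift) }
end

# The unsafe alternative: interpolating user input straight into the
# statement. Kept only to contrast how a quote character in the input
# changes the structure of the SQL instead of staying inside one literal.
def unsafe_condition(name)
  "name = '#{name}'"
end

name = "O'Reilly"                           # constructed sample input
puts unsafe_condition(name)                 # name = 'O'Reilly'  -> literal ends early
puts sanitize_sql_array(["name = ?", name]) # name = 'O''Reilly' -> one literal
```

The same quoting is what keeps attribute values safe on inserts: each value is emitted as a single SQL literal, so the statement's structure is fixed by your code, not by the input.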