From 6dc749596c328c44c80f898d5fa860fff6cab783 Mon Sep 17 00:00:00 2001 From: Pete Campbell Date: Thu, 28 Jul 2011 09:44:51 -0400 Subject: [PATCH] Explicitly included hashes in sentence regarding SQL-injection-safe forms --- activerecord/lib/active_record/base.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/activerecord/lib/active_record/base.rb b/activerecord/lib/active_record/base.rb index 4136868b39..461df0555f 100644 --- a/activerecord/lib/active_record/base.rb +++ b/activerecord/lib/active_record/base.rb @@ -63,9 +63,9 @@ module ActiveRecord #:nodoc: # == Conditions # # Conditions can either be specified as a string, array, or hash representing the WHERE-part of an SQL statement. - # The array form is to be used when the condition input is tainted and requires sanitization. The string form can - # be used for statements that don't involve tainted data. The hash form works much like the array form, except - # only equality and range is possible. Examples: + # The array form is to be used when the condition input is tainted and requires sanitization. The string and hash + # forms can be used for statements that don't involve tainted data. The hash form works much like the array form, + # except only equality and range is possible. Examples: # # class User < ActiveRecord::Base # def self.authenticate_unsafely(user_name, password)