Protect Against SQL Injection

See how the pin operator protects against SQL injection attacks.

The pin operator performs another critical job—it protects us from SQL injection attacks. When Ecto converts the Query struct into an SQL statement, any values added by the pin operator become parameterized values.

We can verify this by using to_sql to inspect the SQL statement that Ecto generates for the query.
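The check described above, as an added example that is not part of the original lesson: a single-file script that builds a pinned query and confirms the input appears only in the parameter list, never in the SQL text. The `ecto_sqlite3` adapter, the `Demo.Repo` and `Demo.PinCheck` modules, the `"users"` table and the sample inputs are all assumptions made for illustration.

```elixir
# Added example: assumes the ecto_sqlite3 package is available to Mix.install.
Mix.install([:ecto_sqlite3])

defmodule Demo.Repo do
  # Hypothetical repo; an in-memory SQLite database keeps the script offline.
  use Ecto.Repo, otp_app: :demo, adapter: Ecto.Adapters.SQLite3
end

defmodule Demo.PinCheck do
  import Ecto.Query

  # Schemaless query against a hypothetical "users" table. The pinned value
  # is carried as a query parameter instead of being spliced into the text.
  def users_named(name) do
    from(u in "users", where: u.name == ^name, select: u.id)
  end

  # Returns {sql, params, leaked?}; leaked? is true if the raw input
  # shows up anywhere in the generated SQL text.
  def inspect_query(name) do
    {sql, params} = Ecto.Adapters.SQL.to_sql(:all, Demo.Repo, users_named(name))
    {sql, params, String.contains?(sql, name)}
  end
end

# to_sql needs a running repo, but the table itself does not have to exist.
{:ok, _pid} = Demo.Repo.start_link(database: ":memory:")

# Constructed sample inputs: an ordinary name and a quote-breaking string.
for input <- ["alice", "x' OR '1'='1"] do
  {sql, params, leaked?} = Demo.PinCheck.inspect_query(input)
  IO.puts("input:   #{inspect(input)}")
  IO.puts("sql:     #{sql}")
  IO.puts("params:  #{inspect(params)}")
  IO.puts("leaked?: #{leaked?}\n")
  # Raises a MatchError if the input ever reaches the SQL text.
  false = leaked?
end
```

Both inputs should produce the same SQL text with a placeholder where the name goes, which is the property to look for when reviewing queries that take user input.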
