Protect Against SQL Injection
See how the pin operator protects from SQL injection attacks.
We'll cover the following
The pin operator performs another critical job—it protects us from SQL injection attacks. When Ecto converts the Query
struct into an SQL statement, any values added by the pin operator become parameterized values.
We can verify this by using to_sql
to look at the query form.
Get hands-on with 1200+ tech skills courses.