Protect Against SQL Injection
See how the pin operator protects against SQL injection attacks.
The pin operator performs another critical job: it protects us from SQL injection attacks. When Ecto converts the Query struct into an SQL statement, any values added by the pin operator become parameterized values, so they are sent to the database separately from the SQL text and are never interpreted as SQL.
We can verify this by using to_sql to look at the query form.
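The check described above, as an added example that is not part of the original course material: it pins a hostile string into a query and uses Ecto.Adapters.SQL.to_sql/3 to confirm the string ends up in the parameter list rather than in the SQL text. MyApp.Repo, the PinCheck module and the "artists" table are hypothetical names, and the repo is assumed to be started (for example in iex -S mix).

```elixir
# Added example. MyApp.Repo, PinCheck and the "artists" table are hypothetical
# names; run this inside a project whose SQL-backed repo is already started.
defmodule PinCheck do
  import Ecto.Query

  # Builds a schemaless query with the caller-supplied name pinned in.
  # Writing `a.name == name` without ^ does not compile: Ecto requires
  # variables to be interpolated explicitly with the pin operator.
  def by_name(name) do
    from a in "artists", where: a.name == ^name, select: a.id
  end

  # Returns the SQL text and the parameter list Ecto would send, plus a flag
  # saying whether the raw input appears anywhere in the SQL text.
  def inspect_sql(repo, name) do
    {sql, params} = Ecto.Adapters.SQL.to_sql(:all, repo, by_name(name))
    %{sql: sql, params: params, input_in_sql?: String.contains?(sql, name)}
  end
end

# Constructed hostile input, as it might arrive from a form field.
input = "x'; DROP TABLE artists; --"

result = PinCheck.inspect_sql(MyApp.Repo, input)

# The input is carried as a bound parameter, not spliced into the statement.
# Either match below raises MatchError if that is not the case.
false = result.input_in_sql?
[^input] = result.params

# Print both parts: the statement holds only the adapter's placeholder,
# and the input is listed separately.
IO.puts(result.sql)
IO.inspect(result.params, label: "params")
```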