Simon Willison’s Weblog

Is your Rails application safe? (via) update_attributes(params[:foo]) in ActiveRecord is an anti-pattern.

Posted 22nd September 2008 at 8:28 pm

Recent articles

How often do LLMs snitch? Recreating Theo's SnitchBench with LLM - 31st May 2025
Talking AI and jobs with Natasha Zouves for News Nation - 30th May 2025
Large Language Models can run tools in your terminal with LLM 0.26 - 27th May 2025

antipattern 1 activerecord 2 rails 72 security 518

Monthly briefing

Sponsor me for $10/month and get a curated email digest of the month's most important LLM developments.

Pay me to send you less!

Sponsor & subscribe