Simon Willison’s Weblog

Is your Rails application safe? (via) update_attributes(params[:foo]) in ActiveRecord is an anti-pattern.

Posted 22nd September 2008 at 8:28 pm

Recent articles

Nano Banana Pro aka gemini-3-pro-image-preview is the best available image generation model - 20th November 2025
How I automate my Substack newsletter with content from my blog - 19th November 2025
Trying out Gemini 3 Pro with audio transcription and a new pelican benchmark - 18th November 2025

activerecord 2 antipattern 1 rails 72 security 566

Monthly briefing

Sponsor me for $10/month and get a curated email digest of the month's most important LLM developments.

Pay me to send you less!

Sponsor & subscribe