Ecto where like

@silviurosu sure - if I understand correctly, the fragment will escape the string… Am I wrong? Will doing it like you suggest escape the input? Since the params["search"] comes directly from form user input, I have to escape it first.
Does Ecto automatically escape all inputs? I come from PHP so I'm used to escaping everything before running the queries to get rid of SQL injections. Most ORMs do it, but when you start writing raw queries, it needs to be escaped…
