sherwin m Fri Mar 08 15:20:05 -0500 2013

Subject: find_by_sql and binding

If I use find_by_sql, will it bind the variables to keep it safe from injection attacks?

I am using it like the following:

model::find_by_sql("CALL my_stored_procedure(?, ?, ?)", array(1, 'hello', 'world!'));

Also, is this the proper way to call a stored procedure?