Not too long ago, I blogged about the importance of getting developers to code parametrized queries instead of embedding literal values in SQL queries. In that post I urged every DBA to forward an article about SQL injection attacks to their developers. It would not have helped to send that article to a Ruby on Rails developer, though, because Ruby on Rails did not support parametrized queries. I should say “did not support until today”. Today IBM delivered version 2.0 of the Rails adapter for DB2, and the key feature of this new version is support for parametrized queries. Just as in other programming environments, parametrized queries deliver better performance for Ruby on Rails (much better when paired with the DB2 Statement Concentrator, new in v9.7), because the statement text stays the same across calls and the prepared plan can be reused. More importantly, parametrized queries further reduce the possibility of an SQL injection attack, since the value is sent to the database separately from the SQL text instead of being pasted into it. This makes DB2 unique in the Ruby on Rails space: it is the only database that supports parametrized queries at this time.
Rather than trying to describe this support myself, I recommend that you point your browser to an excellent article on the subject just published by Antonio Cangiano, our Ruby on Rails expert extraordinaire.
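To make the two points above concrete (structure of the statement, and reuse of the statement text), here is an added Ruby example that is not part of the original post and does not use IBM's DB2 adapter or ActiveRecord. It builds the same lookup three ways: pasting the value into the SQL text, pasting it in with client-side quoting (the `quote_literal` helper below is an assumed stand-in for what an adapter without bind support does), and sending a `?` marker with the value as a separate bind. A `PreparedCall` struct stands in for what a driver would hand to the server; the sample names are constructed.

```ruby
require 'set'

# Stand-in for what a database driver receives: the SQL text plus a
# separate array of bind values (a real driver sends both to the server).
PreparedCall = Struct.new(:sql, :binds)

# 1. Literal style: the value is pasted straight into the SQL text, so
#    any quote character in the value changes the statement's structure.
def find_by_name_literal(name)
  PreparedCall.new("SELECT * FROM users WHERE name = '#{name}'", [])
end

# 2. Client-side quoting (assumed stand-in for an adapter without bind
#    support): the value is still pasted into the text, but each single
#    quote is doubled so it cannot terminate the literal.
def quote_literal(value)
  "'" + value.gsub("'", "''") + "'"
end

def find_by_name_quoted(name)
  PreparedCall.new("SELECT * FROM users WHERE name = #{quote_literal(name)}", [])
end

# 3. Parametrized style: the text carries only a marker and the value
#    travels separately, so it can never be parsed as SQL syntax.
def find_by_name_param(name)
  PreparedCall.new("SELECT * FROM users WHERE name = ?", [name])
end

# A statement whose single quotes do not pair up has had its structure
# altered by the value; that is exactly the mechanism injection relies on.
def quotes_balanced?(sql)
  sql.count("'").even?
end

# How many distinct statement texts a set of inputs produces. A plan cache
# (or DB2's Statement Concentrator) can reuse one plan per distinct text,
# so fewer distinct texts means more reuse.
def distinct_statement_texts(names, builder)
  names.map { |n| send(builder, n).sql }.to_set.size
end

# Constructed sample inputs: plain names and one containing an apostrophe.
SAMPLE_NAMES = ['alice', "O'Brien", 'bob'].freeze

if __FILE__ == $0
  SAMPLE_NAMES.each do |n|
    [:find_by_name_literal, :find_by_name_quoted, :find_by_name_param].each do |b|
      call = send(b, n)
      puts format('%-22s %-48s binds=%-12s balanced=%s',
                  b, call.sql, call.binds.inspect, quotes_balanced?(call.sql))
    end
  end
  [:find_by_name_literal, :find_by_name_quoted, :find_by_name_param].each do |b|
    puts "distinct statement texts via #{b}: #{distinct_statement_texts(SAMPLE_NAMES, b)}"
  end
end
```

Running it shows that a perfectly legitimate value such as `O'Brien` already breaks the literal-style statement (three quotes, so the parser sees a different structure than the developer intended), that client-side quoting repairs that case but still yields one statement text per value, and that only the parametrized form keeps a single constant statement text with the value carried out of band. That constant text is what lets the database reuse one prepared plan, and the out-of-band value is why a bind can never become SQL syntax.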