> >
>
> I've also been using Ruby DBI for years without issue. I've written hundreds
> of scripts using it and it's always worked a treat. I've used it with both
> MySQL and SQL Server (though that was a long time ago).


If you using SQL server don't rely on prepare statements to protect
you from SQL injection attacks. All it's doing is simple string
substitutions (it doesn't actually create prepared statements).

I had better luck with ODBC then ADO when going against SQL server
FTIW. The ADO driver need some more work.