Rails XSS protection mechanism also against SQL injection?
I used to code my pages in PHP, and am new to RoR. Recently I read this article: http://asciicasts.com/episodes/204-xss-protection-in-rails-3
about the XSS protection and I'm curious whether this only applies to output like JS on an HTML page, or whether this Ruby feature also covers SQL injection, <img src="evilpage.php"/>
session stealing and others?
Cross-site scripting (XSS) and SQL injection are two entirely different things, but using ActiveRecord properly in Rails 3 will also protect you from SQL injection.
Cross-site request forgery (CSRF, 'session stealing') is something totally different again.
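The difference between the two defences, as an added example that is not part of the original question or answer: HTML output escaping and SQL parameter binding each neutralise input for one context only. The `bind` helper is a hypothetical, simplified stand-in for placeholder binding, and the `users` table and sample inputs are constructed.

```ruby
require "erb"

# Hypothetical, simplified stand-in for placeholder binding (assumption for
# this example). In Rails the equivalent safe forms are
#   User.where("id = ?", params[:id])   or   User.where(:id => params[:id])
# and the real quoting is done by the database adapter.
def bind(sql, *values)
  vals = values.dup
  sql.gsub("?") do
    v = vals.shift
    case v
    when Integer then v.to_s
    when nil     then "NULL"
    else "'" + v.to_s.gsub("'", "''") + "'" # quote as one string literal
    end
  end
end

# Constructed sample inputs, one per context.
HTML_INPUT = "<script>alert(1)</script>"
SQL_INPUT  = "0 OR 1=1"

# Output escaping: the same kind of HTML escaping Rails 3 applies in views.
def escaped_for_html(value)
  ERB::Util.html_escape(value)
end

# Unsafe pattern: request data interpolated straight into the SQL text.
def interpolated_query(id)
  "SELECT * FROM users WHERE id = #{id}"
end

# Safe pattern: the value is bound as data, never parsed as SQL.
def bound_query(id)
  bind("SELECT * FROM users WHERE id = ?", id)
end

if __FILE__ == $PROGRAM_NAME
  puts escaped_for_html(HTML_INPUT)                   # markup is neutralised for HTML
  puts interpolated_query(escaped_for_html(SQL_INPUT)) # HTML escaping changed nothing
  puts bound_query(SQL_INPUT)                         # whole input is one literal
  puts bound_query(HTML_INPUT)                        # markup survives: escape on output
end
```
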