The params hash can be used to replace placeholders in find conditions, like:
Product.find :all, :conditions => ["type_id = :type_id", params]
This will generate the SQL statement:
... WHERE type_id = '1'... (with apostrophes)
That works for MySQL, but I wonder if it works for all databases. Would it be safer to pass the correct format? Like
... :conditions => ["type_id = ?", params[:type_id].to_i]
This generates the SQL statement:
... WHERE type_id = 1... (without apostrophes)
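
The difference between the two statements in the post above comes from the Ruby type of the bound value. The following is an added example, not part of the original post and not ActiveRecord's own code: a simplified model of type-driven quoting, in which quote_value, bind_named and bind_positional are hypothetical helper names and the params values are constructed.

```ruby
# Simplified model of placeholder binding: the SQL literal form is chosen
# from the Ruby type of each value. Not ActiveRecord's implementation.

# Quote one Ruby value as a SQL literal.
def quote_value(value)
  case value
  when nil            then "NULL"
  when Integer, Float then value.to_s   # numeric literal, no apostrophes
  else
    # Everything else is treated as a string: wrap in apostrophes and
    # double any embedded apostrophe so it cannot end the literal.
    "'" + value.to_s.gsub("'") { "''" } + "'"
  end
end

# Replace :name placeholders with quoted values taken from a hash.
def bind_named(sql, values)
  sql.gsub(/:(\w+)/) do
    key = Regexp.last_match(1).to_sym
    raise ArgumentError, "missing value for :#{key}" unless values.key?(key)
    quote_value(values[key])
  end
end

# Replace ? placeholders with quoted values, in order.
def bind_positional(sql, *values)
  unless sql.count("?") == values.size
    raise ArgumentError, "wrong number of bind values"
  end
  queue = values.dup
  sql.gsub("?") { quote_value(queue.shift) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed request parameters: values arrive from the request as strings.
  [{ :type_id => "1" }, { :type_id => "1 OR 1=1" }].each do |params|
    # String value: bound as a quoted string literal.
    puts bind_named("WHERE type_id = :type_id", params)
    # Cast with to_i first: bound as a bare integer; non-numeric text is dropped.
    puts bind_positional("WHERE type_id = ?", params[:type_id].to_i)
  end
end
```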