ActiveRecord performs input sanitization with the :conditions option:
  Foo.find :all, :conditions => {:foo => params[:foo]}
  Foo.find :all, :conditions => ['foo = ?', params[:foo]]
For more advanced conditions, see the Ambition or ez_where libraries:
  http://errtheblog.com/post/11998
  http://brainspl.at/articles/2006/01/30/i-have-been-busy
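To show what the two :conditions forms above do with a value that contains a quote, here is an added, self-contained Ruby illustration of the mechanism. It is not ActiveRecord's code: the helper names (quote_value, sanitize_array_conditions, sanitize_hash_conditions, unsafe_conditions) are hypothetical stand-ins written for this example, and the input strings are constructed samples. The point it demonstrates is that the hash and array forms quote and escape the bound value, while raw string interpolation (the thing :conditions lets you avoid) passes the quote straight into the SQL.

```ruby
# Added example, not ActiveRecord's implementation. Uses only the Ruby
# standard library so it runs without Rails installed.

# Render one Ruby value as a quoted SQL literal (hypothetical helper).
# Single quotes inside a string are doubled, the standard SQL escape.
def quote_value(value)
  case value
  when nil then "NULL"
  when Integer, Float then value.to_s
  when true then "1"
  when false then "0"
  when Array then value.map { |v| quote_value(v) }.join(", ")
  else "'#{value.to_s.gsub("'", "''")}'"
  end
end

# Array form, ['foo = ?', value]: every ? is replaced by a quoted value.
# The placeholder count must match the number of bind values.
def sanitize_array_conditions(template, *values)
  unless template.count("?") == values.size
    raise ArgumentError, "wrong number of bind values for #{template.inspect}"
  end
  pending = values.dup
  template.gsub("?") { quote_value(pending.shift) }
end

# Hash form, {:foo => value}: column names come from the code, never from
# user input, and each value is quoted. Arrays become IN (...), nil becomes
# IS NULL, mirroring how hash conditions are usually expanded.
def sanitize_hash_conditions(conditions)
  conditions.map do |column, value|
    if value.is_a?(Array)
      "#{column} IN (#{quote_value(value)})"
    elsif value.nil?
      "#{column} IS NULL"
    else
      "#{column} = #{quote_value(value)}"
    end
  end.join(" AND ")
end

# Raw interpolation, shown only for contrast: the quote in the input is
# copied into the SQL unchanged, which is what breaks the query.
def unsafe_conditions(input)
  "foo = '#{input}'"
end

if __FILE__ == $0
  sample = "O'Brien" # constructed sample input containing a quote
  puts unsafe_conditions(sample)                      # foo = 'O'Brien'
  puts sanitize_array_conditions("foo = ?", sample)   # foo = 'O''Brien'
  puts sanitize_hash_conditions(:foo => sample)       # foo = 'O''Brien'
end
```

Running the file prints the three renderings of the same input side by side; only the interpolated one leaves the stray quote unescaped. The same contrast applies to any value that originates from params.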