Fabulous search routine from RailsSpace but missing 'LIKE' strategy?

I'm having a wonderful time with the RailsSpace book and using their
'browse' example to fashion my queries.
Does anyone know how/if I can include a LIKE statement using this
strategy? I've been searching the web all day and find this is a non-
standard strategy as it seems to be open to SQL injection
attacks..thus I included the sanitize_sql methods to try to protect my
database. Anyway, here's the great code to run this;
  def self.find_by_search(params)
    where = []
    where << sanitize_sql("zipcode = :zipcode") unless
params[:zipcode].blank?
    where << sanitize_sql("city = :city") unless
params[:city].blank?
    where << sanitize_sql("state = :state") unless
params[:state].blank?
    where << sanitize_sql("county = :county") unless
params[:county].blank?
    if where.empty?
      []
    else
      find(:all,
            :conditions => [where.join(" AND "), params],
            :order => params[:order])
    end
end
If anyone has any ideas how I could utilize a LIKE verb, I'd be
grateful to hear.
Thanks,
Kathy