finder_sql and sql injection ?

The example from the api for has_many looks like:

has_many :subscribers, :class_name => "Person", :finder_sql =>
      'SELECT DISTINCT people.* ' +
      'FROM people p, post_subscriptions ps ' +
      'WHERE ps.post_id = #{id} AND ps.person_id = p.id ' +
      'ORDER BY p.first_name'

Notice the interpolation: #{id}

Is this escaped, or is it vulnerable to sql injection? Is there a
syntax that allows something like
   WHERE ps.post_id = ?
If so, what is it? My attempts so far don't work.

The example from the api for has_many looks like:

has_many :subscribers, :class_name => "Person", :finder_sql =>
     'SELECT DISTINCT people.* ' +
     'FROM people p, post_subscriptions ps ' +
     'WHERE ps.post_id = #{id} AND ps.person_id = p.id ' +
     'ORDER BY p.first_name'

Notice the interpolation: #{id}

Is this escaped, or is it vulnerable to sql injection? Is there a
syntax that allows something like
  WHERE ps.post_id = ?
If so, what is it? My attempts so far don't work.

Don't know, but at a minimum you could change it to #{id.to_i} to force it to return an integer value...