logic for a search method

A couple of things:
1) You want to make sure you protect against SLQ injection, so do not
pass the variables without escaping them. Rails does this for you when
it substitutes the ? in the find method.

2) You can use the code below to do what you want.

Hope that helps,