Is there a way to sanitize SQL in the Rails method find_by_sql?
find_by_sql
I've tried this solution: Ruby on Rails: How to sanitize a string for SQL when not using fi
User.find_by_sql(["SELECT * FROM users WHERE (name = ?)", params])
Source: http://blog.endpoint.com/2012/10/dont-sleep-on-rails-3-sql-injection.html
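A simplified pure-Ruby model of what the array form in the answer above does with its `?` placeholder, shown next to plain string interpolation. This is an added example, not Rails source or code from the original posts; `quote_value`, `bind_placeholders`, `interpolate_unsafely` and `HOSTILE_NAME` are hypothetical names, and the quoting assumes standard SQL where `'` is escaped by doubling it.

```ruby
# Model of array-form placeholder binding (added example, not ActiveRecord's code).
# Assumption: the database uses standard SQL string literals, so a single
# quote inside a value is escaped by doubling it. Real adapters quote per database.

class BindError < StandardError; end

# Turn one Ruby value into a SQL literal.
def quote_value(value)
  case value
  when nil            then "NULL"
  when true           then "TRUE"
  when false          then "FALSE"
  when Integer, Float then value.to_s
  when Array          then value.map { |v| quote_value(v) }.join(", ")
  else "'" + value.to_s.gsub("'", "''") + "'"
  end
end

# Replace each ? in the template with a quoted value, left to right.
# A placeholder/value count mismatch is an error, never a silent fallback.
def bind_placeholders(template, *values)
  expected = template.count("?")
  unless expected == values.size
    raise BindError, "expected #{expected} bind values, got #{values.size}"
  end
  remaining = values.dup
  template.gsub("?") { quote_value(remaining.shift) }
end

# The pattern the placeholder form replaces: the value is pasted into the
# SQL text, so a quote in the value ends the string literal early.
def interpolate_unsafely(name)
  "SELECT * FROM users WHERE (name = '#{name}')"
end

HOSTILE_NAME = "x' OR '1'='1" # constructed sample input

if __FILE__ == $PROGRAM_NAME
  puts interpolate_unsafely(HOSTILE_NAME)
  puts bind_placeholders("SELECT * FROM users WHERE (name = ?)", HOSTILE_NAME)
end
```

With interpolation the sample value changes the `WHERE` clause; with the placeholder it stays a single string literal that is compared against `name`.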