As seen in comment_controller.rb:
    def create
      @comment = Comment.new(params[:comment])
      @comment.save
    end
I'm assuming that this is SQ
Note that your code example is safe from SQL injection as explained by Alex, but it's not safe from mass assignment exploits.
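The mass assignment risk mentioned in the answer above, shown as an added example that is not part of the original post: the first call passes the whole submitted hash to the model as the question's `create` does, the second filters it through a permit list first (in Rails this is normally done with strong parameters, `params.require(:comment).permit(:body)`). The `Comment` class is a plain-Ruby stand-in for the model, and the attribute names `body`, `approved` and `user_id`, the helper `permitted_comment_params` and the sample request are assumptions.

```ruby
# Plain-Ruby stand-in for an ActiveRecord model (constructed for illustration;
# the attribute names body, approved and user_id are assumptions).
class Comment
  ATTRIBUTES = %i[body approved user_id].freeze
  attr_accessor(*ATTRIBUTES)

  # Mimics unprotected mass assignment: every key in the hash that matches
  # an attribute is written, regardless of who supplied it.
  def initialize(attrs = {})
    @approved = false
    attrs.each do |key, value|
      send("#{key}=", value) if ATTRIBUTES.include?(key.to_sym)
    end
  end
end

# Hypothetical helper playing the role of a permit list: keep only the
# attributes a client is allowed to set, drop everything else.
def permitted_comment_params(params, allowed: %i[body])
  raw = params.fetch(:comment) { raise ArgumentError, "missing :comment" }
  raw.select { |key, _| allowed.include?(key.to_sym) }
end

# Constructed request parameters: the form only has a body field, but the
# client added two more keys to the submitted data.
params = { comment: { "body" => "Nice post", "approved" => true, "user_id" => 1 } }

# Pattern from the question: the whole hash goes to the model.
unsafe = Comment.new(params[:comment])

# Hardened: filter first, then set server-controlled fields explicitly.
safe = Comment.new(permitted_comment_params(params))
safe.user_id = 42 # e.g. the id of the authenticated user (assumed value)

puts "unsafe: approved=#{unsafe.approved.inspect} user_id=#{unsafe.user_id.inspect}"
puts "safe:   approved=#{safe.approved.inspect} user_id=#{safe.user_id.inspect}"
```

No SQL is injected in either call; the difference is only in which columns the client gets to write.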