SQL injection error at where method in controller
I have a where method in the Model and I am calling it in the controller.

    def some_method
      test = Something::Model.where(params[:param1], params[:param2], params[:param2], params[:param3])
      # ..more code here..
    end

After pushing my code to the remote branch, Jenkins started throwing Brakeman-related errors. After further investigation, I found that Brakeman is throwing a Possible sql injection error at the line

    test = Something::Model.where(params[:param1]

So after some research I found that I have to use ActionController::Base.helpers.sanitize, and when I used it as follows, it didn't throw any Brakeman error.

    def some_method
      test = Something::Model.where(ActionController::Base.helpers.sanitize(params[:param1]),
                                    ActionController::Base.helpers.sanitize(params[:param2]),
                                    ActionController::Base.helpers.sanitize(params[:param2]),
                                    ActionController::Base.helpers.sanitize(params[:param3]))
      # ..more code here..
    end

My question is: is this the right way to fix that error, or is there a better way? Thanks for reading.
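An added example, not part of the original post: `ActionController::Base.helpers.sanitize` is Rails' HTML sanitizer, not SQL escaping, so the code below instead keeps request values out of the SQL text by building the array form of conditions that `where` accepts. The `safe_conditions` helper, the column names and the sample input are assumptions made for illustration.

```ruby
# Added example, not the poster's code.
# Assumption: each request parameter filters one known column.
ALLOWED_COLUMNS = {
  "param1" => "name",      # hypothetical column names
  "param2" => "status",
  "param3" => "owner_id"
}.freeze

# Returns the array form accepted by ActiveRecord's where, e.g.
#   ["name = ? AND status = ?", "alice", "open"]
# The SQL text is built only from ALLOWED_COLUMNS; values from the
# request are passed as bind values and never concatenated into SQL.
def safe_conditions(params)
  clauses = []
  binds = []
  ALLOWED_COLUMNS.each do |key, column|
    value = params[key] || params[key.to_sym]
    next if value.nil?
    # A nested parameter (param1[x]=y) arrives as a Hash or Array; reject it
    # so the caller cannot change the shape of the condition.
    unless value.is_a?(String) || value.is_a?(Numeric)
      raise ArgumentError, "#{key} must be a scalar value"
    end
    clauses << "#{column} = ?"
    binds << value
  end
  raise ArgumentError, "no known filter parameter given" if clauses.empty?
  [clauses.join(" AND "), *binds]
end

# Constructed sample input: the second value contains SQL metacharacters.
SAMPLE_PARAMS = { "param1" => "alice", "param2" => "x' OR '1'='1" }.freeze

if __FILE__ == $PROGRAM_NAME
  # The metacharacters stay inside a bind value; the SQL text is fixed.
  p safe_conditions(SAMPLE_PARAMS)
end
```

In the controller this would be called as `Something::Model.where(safe_conditions(params))`; when every filter is a plain equality, the hash form `where(name: params[:param1])` gives the same separation of SQL text and values.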