I am working on a Rails project and using Brakeman as a tool for debugging. I have used a query to get data from a table, but during Brakeman's test it states there is a SQL injection possibility in the query.
Here is my query:
Applicant.all.where("profile_id=#{current_user.profile.id}").first
But I don't know what the issue is with this query. If it is not secure, how can I prevent it from SQL injection?
Use this, which according to the Rails guide is the right way to do it:
Applicant.where('profile_id = ?', current_user.profile.id).first
OR
Applicant.where(profile_id: current_user.profile.id).first
OR
Applicant.find_by_profile_id(current_user.profile.id)
OR
Applicant.find_by(profile_id: current_user.profile.id)
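As an added example (not code from the question or the answer above): a small Ruby model of why Brakeman flags the interpolated query and why the `?` placeholder form is safe, plus a toy line scanner in the spirit of Brakeman's check. `quote_value` and `bind_sql` are an assumed simplification of ActiveRecord's `sanitize_sql_array`, not its real implementation.

```ruby
# Quote one bound value the way a SQL adapter would: integers pass through,
# nil becomes NULL, anything else is a single-quoted literal with embedded
# quotes doubled so the value cannot terminate the literal early.
def quote_value(value)
  case value
  when Integer then value.to_s
  when nil     then "NULL"
  else "'" + value.to_s.gsub("'", "''") + "'"
  end
end

# Replace each "?" in the template with the matching quoted value, in one
# pass so a value containing "?" is never re-bound. Assumption: this is a
# simplified stand-in for ActiveRecord's sanitize_sql_array, which also
# refuses a mismatch between placeholders and values.
def bind_sql(template, *values)
  raise ArgumentError, "wrong number of bind values" unless template.count("?") == values.length
  queue = values.dup
  template.gsub("?") { quote_value(queue.shift) }
end

# The pattern Brakeman warns about: the value is pasted into the SQL text,
# so anything that is not a plain integer becomes SQL syntax.
def interpolated_query(profile_id)
  "SELECT * FROM applicants WHERE profile_id=#{profile_id} LIMIT 1"
end

# The placeholder form from the answer: the value is quoted as data.
def bound_query(profile_id)
  bind_sql("SELECT * FROM applicants WHERE profile_id = ? LIMIT 1", profile_id)
end

# Toy static check in the spirit of Brakeman: report every line of Ruby
# source that passes a string literal containing #{...} to where(...).
def flag_interpolated_where(source)
  source.each_line.with_index(1).select do |line, _|
    line =~ /\.where\(\s*["'][^"']*\#\{/
  end.map { |line, no| "line #{no}: #{line.strip}" }
end

# Constructed sample source: the question's query and the answer's fix.
SAMPLE_SOURCE = <<~'RUBY'
  Applicant.all.where("profile_id=#{current_user.profile.id}").first
  Applicant.where('profile_id = ?', current_user.profile.id).first
RUBY

puts flag_interpolated_where(SAMPLE_SOURCE)
puts interpolated_query("42'")   # stray quote becomes part of the SQL
puts bound_query("42'")          # stray quote stays inside a quoted literal
```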