Sunday, 15 January 2012

ruby on rails - What is the best possible way to avoid the sql injection? -

I am using Ruby 1.8.7 and Rails 2.3.2.

The following code is prone to SQL injection:

params[:id] = "1) or 1=1--"
User.delete_all("id = #{params[:id]}")

My question is whether doing the following is the best solution to avoid SQL injection or not. If not, what is the best way?

User.delete_all("id = #{params[:id].to_i}")

What about:

User.where(id: params[:id]).delete_all

OK, sorry, for Rails 2.x it's:

User.delete_all(["id = ?", params[:id]])

Check the docs.

BTW, are you sure you want to use delete_all instead of destroy_all? The former doesn't trigger callbacks.
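As an added example (not code from the question or the answer, and not ActiveRecord's own implementation), the following pure-Ruby script re-implements the `?`-placeholder quoting that `ActiveRecord::Base.sanitize_sql_array` performs, so the interpolated, cast and bound forms of the DELETE can be compared side by side without a database. The names `quote_sql_value`, `sanitize_sql_array`, `delete_from_users`, `unsafe_delete_sql`, `cast_delete_sql` and `bound_delete_sql` are assumptions made for this example; the `WHERE (...)` wrapping is an assumption about how Rails 2.3's `delete_all` emits its conditions, and it is the reason the payload in the question ends with `)` and `--`.

```ruby
# Added example, not from the question or the answer, and not ActiveRecord's
# own code: a minimal re-implementation of the "?" placeholder quoting that
# ActiveRecord::Base.sanitize_sql_array performs, so the unsafe, cast and bound
# forms of the DELETE can be compared side by side without a database.
# Quoting follows standard SQL (single quotes doubled); real adapters may differ.

# Quote a single Ruby value the way a SQL adapter would before splicing it
# into a statement. Strings are always wrapped in single quotes and any
# embedded quote is doubled, so a value can never terminate the literal.
def quote_sql_value(value)
  case value
  when nil            then "NULL"
  when Integer, Float then value.to_s
  when true           then "1"  # assumption: booleans stored as 1/0
  when false          then "0"
  else "'" + value.to_s.gsub("'", "''") + "'"
  end
end

# Substitute each "?" in +sql+ with the next quoted value, as
# sanitize_sql_array(["id = ?", params[:id]]) does. A count mismatch is an
# error rather than a silently half-substituted statement.
def sanitize_sql_array(sql, *values)
  unless sql.count("?") == values.size
    raise ArgumentError, "wrong number of bind variables (#{values.size} for #{sql.count('?')})"
  end
  remaining = values.dup
  sql.gsub("?") { quote_sql_value(remaining.shift) }
end

# Assumption: Rails 2.3's delete_all wraps its conditions in parentheses,
# which is what the payload's trailing ")" and "--" are shaped to match.
def delete_from_users(where_clause)
  "DELETE FROM users WHERE (#{where_clause})"
end

# The vulnerable form from the question: raw string interpolation.
def unsafe_delete_sql(id_param)
  delete_from_users("id = #{id_param}")
end

# Fix 1 from the question: cast to Integer. "1) or 1=1--".to_i is 1 and
# "abc".to_i is 0, so no SQL text can reach the statement.
def cast_delete_sql(id_param)
  delete_from_users("id = #{id_param.to_i}")
end

# Fix 2 from the answer: "?" placeholder, i.e. delete_all(["id = ?", params[:id]]).
def bound_delete_sql(id_param)
  delete_from_users(sanitize_sql_array("id = ?", id_param))
end

if __FILE__ == $0
  payload = "1) or 1=1--"  # constructed attacker-controlled params[:id]
  puts unsafe_delete_sql(payload)  # WHERE (id = 1) or 1=1--)  : the comment eats the closing paren, every row goes
  puts cast_delete_sql(payload)    # WHERE (id = 1)
  puts bound_delete_sql(payload)   # WHERE (id = '1) or 1=1--')
end
```

Two caveats worth knowing. With the bound form the whole payload becomes a single string literal, but it is then compared against an integer column: PostgreSQL rejects the statement with a type error, while MySQL silently casts `'1) or 1=1--'` to 1 and deletes user 1, so for integer keys the `to_i` cast and the placeholder are complementary rather than alternatives. And `to_i` maps non-numeric garbage to 0, which is harmless only if no row has id 0.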

ruby-on-rails ruby sql-injection ruby-on-rails-2
