What is the difference between "like" and "=" ? For example:
def sequence
slug = title.to_param
sequence = Movie.where("slug = '#{slug}-%'").count + 2
"#{slug}-#{sequence}"
end
and
def sequence
slug = title.to_param
sequence = Movie.where("slug like #{slug}-%").count + 2
"#{slug}-#{sequence}"
end
"=" will return the exact match "LIKE" will return partial matching
sql injections can happen in both cases You need to do a sanity check on the inputs , use parametrized queries like : User.where("id = ?", params[:user][:user_id]).first
check https://guides.rubyonrails.org/security.html#sql-injection
for "LIKE" operator specifecally a DOS attack could occur check http://rorsecurity.info/portfolio/rails-sql-injection-like
