Rails ActiveRecord SQL injection

Time: 2013-11-12 17:51:09

Tags: sql ruby-on-rails sql-injection

Can anyone explain why this throws an exception?

User.find_by_name("kotori", :select => "id, name FROM users; DROP TABLE users; --")

 User Load (0.0ms)   Mysql::Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'DROP TABLE users; -- FROM `users` WHERE (`users`.`name` = 'kotori') LIMIT 1' at line 1: SELECT id, name FROM users; DROP TABLE users; -- FROM `users` WHERE (`users`.`name` = 'kotori') LIMIT 1
ActiveRecord::StatementInvalid: Mysql::Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'DROP TABLE users; -- FROM `users` WHERE (`users`.`name` = 'kotori')  LIMIT 1' at line 1: SELECT id, name FROM users; DROP TABLE users; -- FROM `users` WHERE (`users`.`name` = 'kotori')  LIMIT 1

from /gems/activerecord-2.3.18/lib/active_record/connection_adapters/abstract_adapter.rb:227:in `log'
from /gems/activerecord-2.3.18/lib/active_record/connection_adapters/mysql_adapter.rb:324:in `execute'
from /gems/activerecord-2.3.18/lib/active_record/connection_adapters/mysql_adapter.rb:639:in `select'
from /gems/activerecord-2.3.18/lib/active_record/connection_adapters/abstract/database_statements.rb:7:in `select_all_without_query_cache'
from /gems/activerecord-2.3.18/lib/active_record/connection_adapters/abstract/query_cache.rb:62:in `select_all'
from /gems/activerecord-2.3.18/lib/active_record/base.rb:665:in `find_by_sql_without_default_slave'
from /gems/active_record_shards-2.7.0/lib/active_record_shards/default_slave_patches.rb:12:in `find_by_sql'
from /gems/active_record_shards-2.7.0/lib/active_record_shards/default_slave_patches.rb:93:in `on_slave_unless_tx'
from /gems/active_record_shards-2.7.0/lib/active_record_shards/default_slave_patches.rb:11:in `find_by_sql'
from /gems/activerecord-2.3.18/lib/active_record/base.rb:1582:in `find_every_without_default_slave'
from /gems/active_record_shards-2.7.0/lib/active_record_shards/default_slave_patches.rb:12:in `find_every'
from /gems/active_record_shards-2.7.0/lib/active_record_shards/default_slave_patches.rb:93:in `on_slave_unless_tx'
from /gems/active_record_shards-2.7.0/lib/active_record_shards/default_slave_patches.rb:11:in `find_every'
from /gems/activerecord-2.3.18/lib/active_record/base.rb:1539:in `find_initial'
from /gems/activerecord-2.3.18/lib/active_record/base.rb:617:in `find'
from /gems/activerecord-2.3.18/lib/active_record/base.rb:1918:in `find_by_name'

In this article they say SQL injection is possible. I can't reproduce this. What am I doing wrong? Any help would be appreciated.

0 answers:

No answers
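A note on what the backtrace actually shows, with an added example that is not part of the question, the linked article, or Rails itself. The SQL in the error message contains the :select string verbatim: `SELECT id, name FROM users; DROP TABLE users; -- FROM `users` WHERE ...`. So the option was spliced into the statement unquoted; the injection point is real. What failed is the payload, not the injection: MySQL only executes several `;`-separated statements in one call when the client connected with CLIENT_MULTI_STATEMENTS, and the connection in this backtrace evidently did not, so the server parsed `; DROP TABLE users` as a syntax error (the 1064 message above). A payload that stays a single statement, such as a UNION or subquery, goes through the same splice without that error. The plain-Ruby reconstruction below of how the finder assembles the string, the `stacked_query?` check that models the server's reaction, the column allow-list and the column name `encrypted_password` are all assumptions made for illustration; the generated string matches the SQL shown in the backtrace.

```ruby
# Added example (not code from the question or from Rails): a pure-Ruby
# reconstruction of the string assembly behind
#   User.find_by_name("kotori", :select => "...")
# in Rails 2.3, so the effect of the :select option can be inspected offline.
# The builder, the allow-list and the column `encrypted_password` are assumptions.

# Mirrors the observed behaviour: :select is spliced in verbatim, only the
# dynamic-finder value is quoted (quoting simplified to '' doubling here).
def build_find_sql(table, column, value, select = nil)
  columns = select || "*"
  quoted  = value.gsub("'", "''")
  "SELECT #{columns} FROM `#{table}` WHERE (`#{table}`.`#{column}` = '#{quoted}') LIMIT 1"
end

# Rough model of a MySQL client connected WITHOUT CLIENT_MULTI_STATEMENTS:
# a statement terminator followed by more SQL is rejected with a syntax
# error, which is the 1064 error in the question. String literals and
# "-- " comments are blanked first so a ';' inside them is not miscounted.
def stacked_query?(sql)
  stripped = sql.gsub(/'(?:[^']|'')*'/, "''")   # blank string literal contents
                .gsub(/--\s.*$/, "")             # drop -- comments to end of line
                .gsub(/;\s*\z/, "")              # a single trailing ; is harmless
  stripped =~ /;\s*\S/ ? true : false
end

# Payload from the question: two statements, so the server rejects it.
STACKED_PAYLOAD = "id, name FROM users; DROP TABLE users; --"

# Single-statement payload through the same splice (column name assumed).
# Whether it returns data depends on the real schema; the point is that
# stacked_query? reports it as one statement, so MySQL would parse it.
UNION_PAYLOAD = "id, name FROM users WHERE 1=0 " \
                "UNION SELECT id, encrypted_password FROM users --"

ALLOWED_COLUMNS = %w[id name email].freeze

# Hardened variant: :select is accepted only as a list of known column
# names, so caller-controlled SQL never reaches the statement string.
def safe_select(columns)
  unknown = columns - ALLOWED_COLUMNS
  raise ArgumentError, "unknown columns: #{unknown.inspect}" unless unknown.empty?
  columns.map { |c| "`#{c}`" }.join(", ")
end

if __FILE__ == $0
  [nil, STACKED_PAYLOAD, UNION_PAYLOAD].each do |sel|
    sql = build_find_sql("users", "name", "kotori", sel)
    puts "#{stacked_query?(sql) ? 'REJECTED (stacked)' : 'single statement'}: #{sql}"
  end
  puts build_find_sql("users", "name", "kotori", safe_select(%w[id name]))
  begin
    safe_select(["id", STACKED_PAYLOAD])
  rescue ArgumentError => e
    puts "allow-list blocked: #{e.message}"
  end
end
```

Running it prints the stacked query flagged as rejected, the UNION variant as a single statement, and the allow-listed select as a plain `SELECT `id`, `name` FROM `users` ...`. The practical lesson is the same one the linked article makes: the absence of a dropped table does not mean the option is safe; only a fixed column list, never caller input, belongs in :select.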