🕵️♀️ Task
`where` is used for filtering a collection of records down using various criteria. You can pass an `Array` argument. The first element in the `Array` must be a `String` that contains a SQL fragment, in which each value being searched for is replaced with `?`. Each additional `Array` element is inserted into the SQL fragment, in the order it appears, in place of the next `?`. If the criteria for the search come from a user, this is one way Rails can prevent SQL injection attacks.
Returns a new relation, which is the result of filtering the current relation according to the conditions in the arguments. `where` accepts conditions in one of several formats.

Given a `String` argument, the String is passed to the query constructor as an SQL fragment and used in the where clause of the query. Note that building your own string from user input may expose your application to injection attacks if not done properly. As an alternative, it is recommended to use one of the following methods…
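To make the `?` placeholder substitution of the `Array` form concrete, here is an added example that is not Rails' own code: a simplified plain-Ruby re-implementation of the quoting ActiveRecord applies when it binds each `Array` element into the fragment, runnable without a database. The function names and the sample input are assumptions made for this illustration.

```ruby
# Added example, not ActiveRecord's own code: a simplified stand-in for the
# placeholder binding behind where(["fragment ?", value]), so the quoting
# can be inspected without a database connection.

# Quote a single Ruby value as a SQL literal. Embedded single quotes in a
# String are doubled, which is what keeps hostile input inside the literal.
def quote_sql_value(value)
  case value
  when Integer, Float then value.to_s
  when nil            then "NULL"
  when true           then "TRUE"
  when false          then "FALSE"
  else "'#{value.to_s.gsub("'", "''")}'"
  end
end

# Mirror of the Array form: conditions[0] is the SQL fragment, and every
# further element replaces the next `?`, in order. The fragment is scanned
# once with gsub, so a `?` inside a bound value is never re-substituted.
def bind_where_array(conditions)
  fragment, *values = conditions
  raise ArgumentError, "first element must be a String" unless fragment.is_a?(String)
  placeholders = fragment.count("?")
  unless placeholders == values.length
    raise ArgumentError, "wrong number of bind variables (#{values.length} for #{placeholders})"
  end
  index = -1
  fragment.gsub("?") { quote_sql_value(values[index += 1]) }
end

# Constructed sample input: a value shaped to break out of a string literal.
HOSTILE_NAME = "' OR '1'='1"

# With the Array form the whole value stays a single quoted literal, so the
# comparison is against the literal text rather than a rewritten condition.
def example_query
  bind_where_array(["name = ? AND age > ?", HOSTILE_NAME, 18])
end

puts example_query if $PROGRAM_NAME == __FILE__
```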