[Rails] Problem in Rails Controller and Model
Hi,
This is a piece of code found in a fictional Rails controller and
model.
Please point out any bugs or security problems in the code, fix them,
and refactor the code to make it cleaner.
class ProfileController < ApplicationController
  def show
    @user = User.find(:first, :conditions => "name = '#{params[:name]}'")
    @roles = Role.find(:all, :conditions => "user_id = #{@user.id}")
  end
end

class User < ActiveRecord::Base
end

class Role < ActiveRecord::Base
end
Please help me out.
--
Posted via http://www.ruby-forum.com/.
--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
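
Added example, not part of the original post and not Rails code: it contrasts the interpolated :conditions string from the posted controller with placeholder binding, using a constructed name that contains an apostrophe. The helpers quote_value, bind_conditions and balanced_literals? are hypothetical, simplified stand-ins for what array-style conditions do.

```ruby
# Added example: a simplified stand-in for array-style :conditions binding.
# quote_value, bind_conditions and balanced_literals? are hypothetical
# helpers written for this illustration, not ActiveRecord code.

SAMPLE_NAME = "O'Brien" # constructed input: an ordinary name with an apostrophe

# The form used in the posted controller: the value is pasted into the SQL text.
def interpolated_conditions(name)
  "name = '#{name}'"
end

# Render a Ruby value as one SQL literal. Strings are wrapped in single
# quotes with embedded quotes doubled, so they cannot end the literal early.
def quote_value(value)
  case value
  when nil     then "NULL"
  when Integer then value.to_s
  else "'" + value.to_s.gsub("'", "''") + "'"
  end
end

# Expand a template such as "name = ?" with one quoted literal per "?".
def bind_conditions(template, *values)
  expected = template.count("?")
  unless expected == values.size
    raise ArgumentError, "#{expected} placeholders, #{values.size} values"
  end
  remaining = values.dup
  template.gsub("?") { quote_value(remaining.shift) }
end

# True when every single quote in the fragment belongs to a complete
# string literal, i.e. the value did not change the shape of the SQL.
def balanced_literals?(sql)
  !sql.gsub(/'(?:[^']|'')*'/, "").include?("'")
end

if __FILE__ == $0
  [interpolated_conditions(SAMPLE_NAME),
   bind_conditions("name = ?", SAMPLE_NAME),
   bind_conditions("user_id = ?", 42)].each do |sql|
    puts "#{sql.ljust(22)} balanced=#{balanced_literals?(sql)}"
  end
end
```

In the controller the same binding is written `:conditions => ["name = ?", params[:name]]` and `:conditions => ["user_id = ?", @user.id]`. `find(:first, ...)` returns nil when no row matches, so `@user` needs a nil check before `@user.id` is read.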