Recently, we were trying to write a similarity(...) query in Postgres, and needed to pass in a parameter into a SELECT clause. Brakeman came back saying that we had a Possible SQL Injection. After looking at the code, we were directly interpolating t...