贴吧sql注入问题

app/controllers/memos_controller.rb

@@ -12,7 +12,14 @@ class MemosController < ApplicationController
   def index
     @user = current_user
     @memos = Memo.all
-    s_order = (params[:order] == "replies_count" ? "all_replies_count" : params[:order]) || "updated_at"
+    # replies_count created_at updated_at
+    s_order =
+        case params[:order]
+        when 'replies_count' then 'all_replies_count'
+        when 'created_at' then 'created_at'
+        else
+          'updated_at'
+        end
     # @tidding_count = unviewed_tiddings(current_user) if current_user.present?
     page = params[:page] || 1
     limit = params[:limit] || 15