User:
Title: sadasd
Content:
params[:user] = "') or (SELECT 1 AS one FROM 'orders' WHERE total > 100 AND ''='" User.exists? ["name = '#{params[:user]}'"]