Use actual link to link to security guide [ci-skip]

jonathanhefner · jonathanhefner · commit 39a2fd87124c · 2025-08-08T17:43:20.000-05:00
diff --git a/activerecord/lib/active_record/querying.rb b/activerecord/lib/active_record/querying.rb
@@ -46,8 +46,8 @@ module Querying
     #   Post.find_by_sql ["SELECT title FROM posts WHERE author = ? AND created > ?", author_id, start_date]
     #   Post.find_by_sql ["SELECT body FROM comments WHERE author = :user_id OR approved_by = :user_id", { :user_id => user_id }]
     #
-    # Note that building your own SQL query string from user input may expose your application to
-    # injection attacks (https://guides.rubyonrails.org/security.html#sql-injection).
+    # Note that building your own SQL query string from user input {may expose your application to
+    # injection attacks}[https://guides.rubyonrails.org/security.html#sql-injection].
     def find_by_sql(sql, binds = [], preparable: nil, allow_retry: false, &block)
       result = with_connection do |c|
         _query_by_sql(c, sql, binds, preparable: preparable, allow_retry: allow_retry)
