Topic: Problem in Controller and Model

This is a piece of code found in a fictional Rails controller and model. Please point out any bugs or security problems in the code, fix them, and refactor the code to make it cleaner.

class ProfileController < ApplicationController
  def show
    @user = User.find(:first, :conditions => "name = '#{params[:name]}'")
    @roles = Role.find(:all, :conditions => "user_id = #{@user.id}")
  end
end

class User < ActiveRecord::Base
end

class Role < ActiveRecord::Base
end

Please help me out.
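As an added illustration that is not part of the original post: the controller and models above rewritten so the lookup is never assembled from `params` as SQL text (the `"name = '#{params[:name]}'"` string lets any quote in the name change the query, and a name with no match makes `@user.id` blow up on `nil`). Hash conditions and associations replace both hand-built strings, and a missing user answers 404. `MiniRecord` and the `ApplicationController` stand-in are constructed here so the file runs with no Rails and no database; the model and controller bodies are what you would write against `ActiveRecord::Base` and `ActionController::Base`.

```ruby
# Constructed stand-in for ActiveRecord::Base (not Rails): rows live in memory and
# `where` only accepts hash conditions, so there is no string concatenation anywhere
# on the path from params to query. That is the property the real adapter gives you
# when you pass a hash or a ["name = ?", value] placeholder instead of an
# interpolated string.
module MiniRecord
  class Base
    def self.inherited(sub)
      sub.instance_variable_set(:@rows, [])
      sub.instance_variable_set(:@next_id, 1)
    end

    class << self
      def create(attrs)
        row = new(attrs.merge(id: @next_id))
        @next_id += 1
        @rows << row
        row
      end

      def where(conds)
        @rows.select { |r| conds.all? { |k, v| r[k] == v } }
      end

      def find_by(conds)
        where(conds).first
      end

      # Minimal has_many / belongs_to: the associated class is derived from the
      # association name (roles -> Role, user -> User), as Rails does.
      def has_many(assoc)
        klass = assoc.to_s.chomp("s").capitalize
        fk = "#{name.downcase}_id".to_sym
        define_method(assoc) { Object.const_get(klass).where(fk => self[:id]) }
      end

      def belongs_to(assoc)
        klass = assoc.to_s.capitalize
        fk = "#{assoc}_id".to_sym
        define_method(assoc) { Object.const_get(klass).find_by(id: self[fk]) }
      end
    end

    def initialize(attrs)
      @attrs = attrs
    end

    def [](key)
      @attrs[key]
    end

    def id
      @attrs[:id]
    end
  end
end

# Constructed stand-in for the Rails base controller: carries params and records
# the status that head(:not_found) would send.
class ApplicationController
  attr_reader :params, :status

  def initialize(params)
    @params = params
    @status = 200
  end

  def head(sym)
    @status = { not_found: 404 }.fetch(sym)
  end
end

class User < MiniRecord::Base
  has_many :roles
end

class Role < MiniRecord::Base
  belongs_to :user
end

class ProfileController < ApplicationController
  attr_reader :roles # reader only so the stand-alone check below can inspect the result

  def show
    # Hash conditions are quoted/bound by the adapter, never interpolated, so a
    # name such as "O'Brien" is matched literally instead of breaking the SQL.
    @user = User.find_by(name: params[:name])
    # The posted code called @user.id on a nil result; answer 404 instead.
    return head(:not_found) unless @user

    # The association replaces the hand-written "user_id = #{@user.id}" condition.
    @roles = @user.roles
  end
end

# Constructed sample data.
alice = User.create(name: "alice")
Role.create(user_id: alice.id, title: "admin")
Role.create(user_id: alice.id, title: "editor")
User.create(name: "O'Brien")

# Drives the controller the way a request would and returns what the view would see.
def show_profile(name)
  c = ProfileController.new(name: name)
  c.show
  [c.status, c.roles.to_a.map { |r| r[:title] }]
end

puts show_profile("alice").inspect   # [200, ["admin", "editor"]]
puts show_profile("O'Brien").inspect # [200, []]
puts show_profile("nobody").inspect  # [404, []]
```

On the Rails 2-era API the posted code uses, the same fix reads `User.first(:conditions => ["name = ?", params[:name]])` or `User.find_by_name(params[:name])`; the `?` placeholder is bound by ActiveRecord rather than pasted into the string. In current Rails, `User.find_by!(name: params[:name])` raises `ActiveRecord::RecordNotFound`, which the framework already renders as a 404 in production, so the explicit nil check can be dropped.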