Which ActiveRecord query prevents SQL injection?
Product.where("name = #{@keyword}")
Product.where("name = " << @keyword}
Product.where("name = " + h(@keyword)
Product.where("name = ?", @keyword