Dangerous query method (method whose arguments are used as raw SQL) called with non-attribute argument(s): ", random()".This method should not be called with user-provided values, such as request parameters or model attributes. Known-safe values can be passed by wrapping them in Arel.sql().
