diff --git a/ruby/lib/jam_ruby/models/base_search.rb b/ruby/lib/jam_ruby/models/base_search.rb
index 462372796..f08c46a7d 100644
--- a/ruby/lib/jam_ruby/models/base_search.rb
+++ b/ruby/lib/jam_ruby/models/base_search.rb
@@ -102,6 +102,7 @@ module JamRuby
     def self.search_target_class
     end
 
+    # FIXME: SQL INJECTION
     def _genres(rel, query_data=json)
       gids = query_data[KEY_GENRES]
       unless gids.blank?
@@ -112,6 +113,7 @@ module JamRuby
       rel
     end
 
+    # FIXME: SQL INJECTION
     def _instruments(rel, query_data=json)
       unless (instruments = query_data[KEY_INSTRUMENTS]).blank?
         instsql = "SELECT player_id FROM musicians_instruments WHERE (("
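Review bot: Both hunks only add `# FIXME: SQL INJECTION` above `_genres` and `_instruments`; the query code itself is untouched, and in the second hunk `instsql` is still assembled as a string starting with `"SELECT player_id FROM musicians_instruments WHERE (("`, so the hazard the comment names remains live on the new side. A bare FIXME with no detail is easy to lose track of; if the rewrite is deferred, the comment should say which value is the untrusted input and what the intended remedy is, e.g. `# FIXME: SQL INJECTION — query_data[KEY_INSTRUMENTS] ends up in instsql as raw text; rewrite with bound parameters (e.g. where("... IN (?)", instruments) or sanitize_sql_array) instead of string building`. The same comment wording applies to `_genres` with `query_data[KEY_GENRES]`/`gids`, though both method bodies continue past their hunks, so how `gids` is used cannot be confirmed from what is visible. `rel` responding to `blank?`-style helpers suggests an ActiveRecord relation is in play, but that is an inference from the surrounding code rather than something the hunk shows.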