Text after id in URL (security issue?)

I’m a bit of a newbie, so I hope this isn’t an already-answered

A URL of the form
shows the 25th “item”, but I’ve just noticed that
also displays this same item.

Q: is this a security concern, e.g. for SQL injection? Also, in the
spirit of decreasing the temptation of hackers, is there a way to
cause an error to be generated for such URLs, throughout a site?

IIRC, when you do a Model.find(param[:id]), the string is converted to
int via to_i. When ruby does the conversion, it grabs the 2, then the 5
then sees garbage and returns a 25. If you passed a string of just
the conversion would fail and you would get an exception.

Stephen G.