sql-injection-prevention


INSTALLATION
npx skills add https://github.com/aj-geddes/useful-ai-prompts --skill sql-injection-prevention
Run in your project or agent environment. Adjust flags if your CLI version differs.

SKILL.md

SQL Injection Prevention

Table of Contents

  • [Overview](#overview)
  • [When to Use](#when-to-use)
  • [Quick Start](#quick-start)
  • [Reference Guides](#reference-guides)
  • [Best Practices](#best-practices)

Overview

Implement comprehensive SQL injection prevention using prepared statements, parameterized queries, ORM best practices, and input validation.

When to Use

  • Database query development
  • Legacy code security review
  • Security audit remediation
  • API endpoint development
  • User input handling
  • Dynamic query generation

Quick Start

Minimal working example:

// secure-db.js
const { Pool } = require("pg");

class SecureDatabase {
  constructor() {
    // Connection settings come from the environment, never from source control.
    this.pool = new Pool({
      host: process.env.DB_HOST,
      database: process.env.DB_NAME,
      user: process.env.DB_USER,
      password: process.env.DB_PASSWORD,
      max: 20,
      idleTimeoutMillis: 30000,
      connectionTimeoutMillis: 2000,
    });
  }

  /**
   * ✅ SECURE: Parameterized query
   * The SQL text is a constant; userId is sent separately as a bound value,
   * so it can never change the structure of the statement.
   */
  async getUserById(userId) {
    const query = "SELECT * FROM users WHERE id = $1";
    const values = [userId];
    try {
      const result = await this.pool.query(query, values);
      return result.rows[0] || null;
    } catch (err) {
      // ... (see reference guides for full implementation)
      throw err;
    }
  }
}

module.exports = SecureDatabase;
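The Quick Start shows one parameterized lookup. The following added example (not part of the skill or its reference guides) builds the `{ text, values }` objects that `pg`'s `pool.query(text, values)` accepts, placing the skill's "concatenate user input" anti-pattern beside the parameterized form, and shows how to handle the one dynamic piece a placeholder cannot carry, an ORDER BY column, with an allow-list rather than escaping. The `users` table and its column names are assumed.

```javascript
// Added example, not code from the skill. Assumed schema: users(id, email, created_at, ...).
const USER_SORT_COLUMNS = new Set(["id", "email", "created_at"]);

// INSECURE (the skill's DON'T list): the caller's input becomes part of the SQL text,
// so whatever it contains is parsed as SQL.
function unsafeUserQuery(userId) {
  return { text: "SELECT * FROM users WHERE id = " + userId, values: [] };
}

// SECURE: the SQL text is a constant; the input travels in `values` and the
// driver sends it to PostgreSQL as data, never as statement text.
function safeUserQuery(userId) {
  return { text: "SELECT * FROM users WHERE id = $1", values: [userId] };
}

// Dynamic ORDER BY: identifiers cannot be bound with $n placeholders, so the
// column is checked against a fixed allow-list, the direction is mapped to one
// of two constants, and only the numeric LIMIT is bound. Anything unexpected is
// rejected outright rather than escaped.
function listUsersQuery({ sortBy = "id", descending = false, limit = 50 } = {}) {
  if (!USER_SORT_COLUMNS.has(sortBy)) {
    throw new Error(`unsupported sort column: ${sortBy}`);
  }
  if (!Number.isInteger(limit) || limit < 1 || limit > 1000) {
    throw new Error("limit must be an integer between 1 and 1000");
  }
  const direction = descending ? "DESC" : "ASC";
  return {
    text: `SELECT id, email, created_at FROM users ORDER BY ${sortBy} ${direction} LIMIT $1`,
    values: [limit],
  };
}

// Usage with pg (requires a live Pool, so not executed here):
//   const q = listUsersQuery({ sortBy: "created_at", descending: true });
//   const result = await pool.query(q.text, q.values);
module.exports = { unsafeUserQuery, safeUserQuery, listUsersQuery };
```

Comparing `unsafeUserQuery("1 OR 1=1").text` with `safeUserQuery("1 OR 1=1")` makes the difference concrete: the first yields a statement whose WHERE clause has changed, the second yields the unchanged constant text plus a single bound value.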

Reference Guides

Detailed implementations in the references/ directory:

  • Node.js with PostgreSQL
  • Python with SQLAlchemy ORM
  • Java JDBC with Prepared Statements
  • Input Validation & Sanitization

Best Practices

✅ DO

  • Use prepared statements ALWAYS
  • Use ORM frameworks properly
  • Validate all user inputs
  • Whitelist dynamic values
  • Use least privilege DB accounts
  • Enable query logging
  • Run regular security audits
  • Use parameterized queries

❌ DON'T

  • Concatenate user input
  • Trust client-side validation
  • Use string formatting for queries
  • Allow dynamic table/column names
  • Grant excessive DB permissions
  • Skip input validation