---
title: "SQL Injection Prevention"
description: "Always use prepared statements or query builders that support parameter binding."
type: skill
canonical_url: https://claudary.paisolsolutions.com/skills/injection
source: "Claudary"
difficulty: intermediate
author: "Claude Code Knowledge Pack"
date: 2026-07-10T11:30:12.604Z
license: CC-BY-4.0
attribution: "SQL Injection Prevention — Claudary (https://claudary.paisolsolutions.com/skills/injection)"
---

# SQL Injection Prevention
Always use prepared statements or query builders that support parameter binding.

## Overview

# SQL Injection Prevention

## Parameterized Queries

Always use prepared statements or query builders that support parameter binding.

```go
rows, err := db.Query("SELECT * FROM users WHERE id = ?", userID)
```

## Command Injection

Never construct shell commands from user input. Use exec.Command with separate arguments.

---

Source: [Claudary](https://claudary.paisolsolutions.com/skills/injection) · https://claudary.paisolsolutions.com
