All skills
Skillintermediate

SQL Injection Prevention

Always use prepared statements or query builders that support parameter binding.

Claude Code Knowledge Pack7/10/2026

Overview

SQL Injection Prevention

Parameterized Queries

Always use prepared statements or query builders that support parameter binding.

rows, err := db.Query("SELECT * FROM users WHERE id = ?", userID)

Command Injection

Never construct shell commands from user input. Use exec.Command with separate arguments.