# SQL Injection in Next.js Server Actions

- ID: javascript-nextjs-server-action-sql-injection
- Severity: MEDIUM
- Languages: JavaScript, TypeScript
- Frameworks: nextjs

## Description

Detects untrusted input from Server Actions flowing into SQL queries without parameterization.

## Detection Message

Server Action '{function_name}' has SQL injection vulnerability: untrusted input flows to SQL query

## Remediation

Use parameterized queries or ORM methods to prevent SQL injection. See remediation section for examples.
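
The pattern this rule flags, next to its parameterized form, as an added example that is not part of the rule's own documentation. The `db` stub, the `users` table, the `email` field and the function names are assumptions made for illustration; the stub only mimics a `query(text, values)` client with `$1` placeholders.

```javascript
// In a Next.js app this file would start with 'use server' and export both
// functions; here they are plain functions so the file runs under Node 18+.

// Constructed stand-in for a SQL client exposing query(text, values).
// It records what would be sent to the database instead of connecting.
const db = {
  calls: [],
  query(text, values = []) {
    this.calls.push({ text, values });
    return Promise.resolve({ rows: [] });
  },
};

// Flagged: the form field is interpolated into the SQL text, so the
// untrusted value becomes part of the statement the database parses.
async function findUserUnsafe(formData) {
  const email = formData.get('email');
  return db.query(`SELECT id, name FROM users WHERE email = '${email}'`);
}

// Remediated: the SQL text is a constant and the untrusted value travels
// separately as a bound parameter. The type check rejects File entries.
async function findUserSafe(formData) {
  const email = formData.get('email');
  if (typeof email !== 'string' || email.length > 254) {
    throw new Error('invalid email field');
  }
  return db.query('SELECT id, name FROM users WHERE email = $1', [email]);
}

// Constructed submission: one quote character in the field is enough to
// end the string literal early in the interpolated statement.
async function demo() {
  const formData = new FormData();
  formData.set('email', "o'brien@example.com");
  db.calls.length = 0;
  await findUserUnsafe(formData);
  await findUserSafe(formData);
  return db.calls;
}

demo().then((calls) => console.log(calls));
```

In the recorded calls, the first statement's text changes with the submitted value while the second stays constant and carries the value only in `values`.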