# Prisma Raw Query SQL Injection

- ID: prisma-raw-query-injection
- Severity: CRITICAL
- CWE: SQL Injection (CWE-89)
- Languages: JavaScript, TypeScript
- Frameworks: prisma

## Description

Passing a plain template literal to $queryRaw instead of a Prisma.sql`` tagged template bypasses parameter binding: the interpolated value becomes part of the SQL text rather than a bound parameter, which enables SQL injection.

## Detection Message

Raw SQL query uses untrusted input without proper parameterization. Use the Prisma.sql`` template tag for safe parameter binding.

## Remediation

Use the Prisma.sql`` template tag for parameterized raw queries. Values interpolated inside the tagged template are sent to the database as bound parameters, not spliced into the query string.

```typescript
import { Prisma } from '@prisma/client';

// userId is untrusted input (e.g. from a request); the Prisma.sql tag binds it
// as a parameter instead of interpolating it into the SQL text.
const users = await prisma.$queryRaw(
  Prisma.sql`SELECT * FROM "User" WHERE id = ${userId}`
);
```

Learn more: https://shoulder.dev/learn/typescript/cwe-89/raw-query-injection

## Related Rules

- **SQL Injection via Database Queries** [CRITICAL]
- **GraphQL Injection / Unsafe Query Construction** [HIGH]
- **TypeORM SQL Injection in Raw Query** [CRITICAL]
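To make the difference between the two patterns concrete, the following added example (not Prisma's code and not part of the original rule page) implements a minimal `sql` tagged-template helper that mirrors the idea behind Prisma.sql``: the literal SQL fragments written by the developer and the interpolated values arrive in the tag function as separate arguments, so the query text is fixed at authoring time and every interpolated value is emitted as a positional placeholder with the value kept in a separate array. The `BoundQuery` shape, the `$1`-style placeholders and the `buildUnsafe`/`buildSafe` functions are assumptions made for this illustration; they are not Prisma's API, which additionally handles nesting and driver-specific placeholder syntax.

```typescript
// Added example: a stand-in for the parameter-binding behaviour of a tagged
// SQL template. Not Prisma's implementation.

export interface BoundQuery {
  text: string;      // SQL text with positional placeholders ($1, $2, ...)
  values: unknown[]; // parameters handed to the driver separately
}

// Tagged template: `strings` holds the developer-written SQL fragments,
// `values` holds the interpolated expressions. Because the two never mix,
// an interpolated value cannot change the structure of the SQL text.
export function sql(strings: TemplateStringsArray, ...values: unknown[]): BoundQuery {
  let text = strings[0];
  for (let i = 0; i < values.length; i++) {
    text += `$${i + 1}` + strings[i + 1];
  }
  return { text, values };
}

// The pattern the rule flags: a plain template literal splices the input
// directly into the SQL text. (Hypothetical helper for illustration.)
export function buildUnsafe(userId: string): string {
  return `SELECT * FROM "User" WHERE id = '${userId}'`;
}

// The remediated pattern: the same query built with the tagged template.
export function buildSafe(userId: string): BoundQuery {
  return sql`SELECT * FROM "User" WHERE id = ${userId}`;
}

// Defender-side check: does the untrusted input appear inside the SQL text?
// For a bound query this is always false; for string building it is true,
// which is exactly the condition under which quote characters in the input
// can alter the statement.
export function inputLeaksIntoSql(sqlText: string, input: string): boolean {
  return sqlText.includes(input);
}

// Constructed sample input containing a quote character, the classic sign
// that input is being treated as SQL syntax rather than data.
const sampleInput = "O'Brien";
console.log("unsafe text :", buildUnsafe(sampleInput));
console.log("safe text   :", buildSafe(sampleInput).text);
console.log("safe values :", buildSafe(sampleInput).values);
```

Running it shows the unsafe build containing the quote from the input inside the SQL text, while the safe build's text stays `SELECT * FROM "User" WHERE id = $1` no matter what the input contains; the driver receives the value separately and never parses it as SQL.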