# SQL Injection via Database Queries

- ID: python-sql-injection
- Severity: CRITICAL
- CWE: SQL Injection (CWE-89)
- Languages: Python
- Frameworks: django, flask, fastapi, pyramid, tornado, bottle, falcon, sanic

## Description

Detects untrusted user input flowing into SQL database queries without proper parameterization.

## Remediation

Use parameterized queries with placeholders. The driver sends the value separately from the SQL text, so the input can never change the structure of the statement.

```python
# user_id is bound by the driver as a value; it is never spliced into the SQL string
cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))
```

Learn more: https://shoulder.dev/learn/python/cwe-89/sql-injection

## Related Rules

- **SQL Injection via Database Queries** [CRITICAL]
- **SQL Injection via Database Queries** [CRITICAL]
- **Prisma Raw Query SQL Injection** [CRITICAL]
- **GraphQL Injection / Unsafe Query Construction** [HIGH]
- **TypeORM SQL Injection in Raw Query** [CRITICAL]
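The following added example (not part of the rule page) shows the flagged pattern beside the remediated form, run against a constructed in-memory SQLite table. The `%s` placeholder on the page is the paramstyle of drivers such as psycopg2 and MySQLdb; the stdlib `sqlite3` driver uses `?`, but the principle is identical. The table contents and the `find_user_*` function names are assumptions made for the demo.

```python
import sqlite3

# Constructed sample data for the demo; not real users.
USERS = [(1, "alice"), (2, "bob"), (3, "carol")]


def make_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database seeded with the sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def find_user_unsafe(conn: sqlite3.Connection, user_id: str) -> list:
    """The pattern this rule flags: untrusted input formatted into the SQL text.

    Whatever the caller passes becomes part of the query grammar, so a value
    like '1 OR 1=1' turns a single-row lookup into a full table read.
    """
    return conn.execute(f"SELECT id, name FROM users WHERE id = {user_id}").fetchall()


def find_user_safe(conn: sqlite3.Connection, user_id: str) -> list:
    """The remediated form: a placeholder in the SQL and the value in a tuple.

    The driver binds user_id as data. '1 OR 1=1' is compared as a literal
    string against the id column and simply matches nothing.
    """
    return conn.execute("SELECT id, name FROM users WHERE id = ?", (user_id,)).fetchall()


def compare(user_input: str) -> dict:
    """Run both variants on the same input and report how many rows each returns."""
    conn = make_db()
    return {
        "unsafe_rows": len(find_user_unsafe(conn, user_input)),
        "safe_rows": len(find_user_safe(conn, user_input)),
    }


if __name__ == "__main__":
    print(compare("2"))         # both variants return the single row for bob
    print(compare("1 OR 1=1"))  # unsafe returns all 3 rows, safe returns 0
```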