Parameterized Queries
Use parameterized queries to prevent SQL injection
CLAUDE.md
Use parameterized queries for all database operations. Never interpolate user input into SQL strings. This applies to all query builders and ORMs — verify they parameterize under the hood.
Copy this block into your CLAUDE.md or agent config file to enforce it in your workflow.