
Secure SQL Injection Vulnerability

AI prompt to identify and fix SQL injection vulnerabilities in your code. Get secure parameterized queries and prevention strategies.

Works with: ChatGPT, Claude, Gemini

Prompt Template

You are a senior cybersecurity engineer specializing in database security. I need you to analyze the following code for SQL injection vulnerabilities and provide secure alternatives.

**Code to analyze:**
```[PROGRAMMING_LANGUAGE]
[VULNERABLE_CODE]
```

**Context:**
- Application type: [APPLICATION_TYPE]
- Database system: [DATABASE_SYSTEM]
- Framework/ORM: [FRAMEWORK]

Please provide:

1. **Vulnerability Assessment**: Identify all potential SQL injection points and explain why they're vulnerable
2. **Risk Analysis**: Rate the severity (Critical/High/Medium/Low) and explain the potential impact
3. **Secure Code Solution**: Rewrite the code using:
   - Parameterized queries/prepared statements
   - Input validation and sanitization
   - Proper error handling
   - Least privilege database permissions
4. **Testing Strategy**: Provide specific test cases to verify the vulnerability is fixed
5. **Prevention Guidelines**: List 5 best practices to prevent similar vulnerabilities in future development
6. **Code Comments**: Add inline comments explaining security measures

Format your response with clear sections and include both the vulnerable and secure code examples with syntax highlighting.

Variables to Customize

[PROGRAMMING_LANGUAGE]

The programming language used in the code

Example: Python

[VULNERABLE_CODE]

The code snippet that potentially contains SQL injection vulnerabilities

Example:

```python
def get_user(username):
    # Vulnerable on purpose: the caller's input is concatenated into the SQL text,
    # so a quote in the username closes the literal and the rest is parsed as SQL
    query = "SELECT * FROM users WHERE username = '" + username + "'"
    cursor.execute(query)
    return cursor.fetchone()
```

[APPLICATION_TYPE]

Type of application being secured

Example: Web API for user authentication

[DATABASE_SYSTEM]

Database management system being used

Example: PostgreSQL

[FRAMEWORK]

Web framework or ORM being used

Example: Flask with psycopg2

Example Output

## Vulnerability Assessment

**Critical SQL Injection Found**: The code concatenates user input directly into the SQL text. Any input containing a single quote closes the string literal, and whatever follows is parsed as SQL (for example `' OR '1'='1` matches every row). Parameterization, not sanitization, is the fix.

## Risk Analysis

**Severity: CRITICAL**
- Attackers can bypass authentication
- Full database compromise possible (read, modify or delete anything the application's database account can reach)
- Data exfiltration and manipulation risk

## Secure Code Solution

```python
import logging

import psycopg2

def get_user(username):
    # Parameterized query: %s is the psycopg2 placeholder, not Python string
    # formatting. The value is sent separately from the SQL text, so it can
    # never change the statement's structure.
    query = "SELECT * FROM users WHERE username = %s"
    try:
        cursor.execute(query, (username,))
        return cursor.fetchone()
    except psycopg2.Error as e:
        # Log server-side only; the driver's message can reveal table and
        # column names and must not be returned to the caller.
        logging.error("Database error: %s", e)
        return None
```

## Testing Strategy

1. Test with malicious input such as `admin'; DROP TABLE users; --` and `' OR '1'='1`: the parameterized query must treat each as a literal username and return no row
2. Verify the parameterized query handles special characters (quotes, backslashes, Unicode) in legitimate usernames
3. Confirm error messages returned to clients don't leak database structure

## Prevention Guidelines

1. Always use parameterized queries
2. Implement input validation
3. Use least privilege database accounts
4. Regular security code reviews
5. Automated vulnerability scanning
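The example output above shows the fix but not the test that proves it. The following is an added, runnable demonstration written for this page (it is not part of the prompt's output or of any project): the vulnerable and parameterized lookups side by side against an in-memory SQLite database with constructed sample users, driven by the bypass payloads the testing strategy names. It also covers the two places where parameters alone are not enough: dynamic column names, which cannot be bound and need an allowlist, and `LIKE` patterns, where `%` and `_` inside a bound value still widen the match. The table layout, usernames, `ALLOWED_SORT_COLUMNS` and all function names are assumptions for this example; SQLite uses `?` as the placeholder where psycopg2 uses `%s`, but the principle is identical.

```python
import sqlite3

# Constructed sample data: an in-memory SQLite database so the example runs
# offline. The table and usernames are assumptions for this example only.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol_smith", "user")],
    )
    return conn


def get_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # Deliberately vulnerable: the input becomes part of the SQL text, so a
    # quote in the input ends the literal and the rest is parsed as SQL.
    query = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def get_user_safe(conn: sqlite3.Connection, username: str) -> list:
    # Parameterized: the statement text is fixed and the value travels
    # separately, so no input can change the query's structure.
    # sqlite3 uses ? as the placeholder; psycopg2 uses %s.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Column names cannot be bound as parameters, so dynamic identifiers must be
# checked against a fixed allowlist rather than escaped. (Assumed set.)
ALLOWED_SORT_COLUMNS = frozenset({"username", "role"})


def list_users_sorted(conn: sqlite3.Connection, sort_column: str) -> list:
    if sort_column not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_column!r}")
    # Interpolation is safe here only because sort_column was just validated
    # against the allowlist; the trailing username key makes ties deterministic.
    rows = conn.execute(
        f"SELECT username FROM users ORDER BY {sort_column}, username"
    )
    return [row[0] for row in rows]


def search_users(conn: sqlite3.Connection, prefix: str) -> list:
    # Parameters stop injection, but LIKE metacharacters (% and _) inside a
    # bound value still widen the match. Escape them and declare the escape
    # character so the user's text is matched literally.
    escaped = (
        prefix.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    )
    rows = conn.execute(
        "SELECT username FROM users WHERE username LIKE ? ESCAPE '\\' "
        "ORDER BY username",
        (escaped + "%",),
    )
    return [row[0] for row in rows]


def run_demo() -> dict:
    # Exercise both lookups with a classic authentication-bypass payload and
    # the prefix search with a bare wildcard.
    conn = make_db()
    bypass = "' OR '1'='1"
    return {
        "vulnerable_rows": len(get_user_vulnerable(conn, bypass)),  # every user
        "safe_rows": len(get_user_safe(conn, bypass)),  # no user has that name
        "prefix_wildcard": search_users(conn, "%"),  # % matched literally
    }


if __name__ == "__main__":
    print(run_demo())
```

Running the module shows the concatenated query returning all three users for the bypass payload while the parameterized one returns none. The `ValueError` path in `list_users_sorted` is the right shape for identifiers in general: reject anything not on the list, because there is no escaping rule for column names that a driver will honour.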

Pro Tips for Best Results

  • Always test your secure code with actual SQL injection payloads to verify the fix works
  • Include the specific database system and framework for more targeted security recommendations
  • Ask for both static analysis and dynamic testing approaches for comprehensive security
  • Request logging and monitoring recommendations to detect future attack attempts
  • Have the AI explain the attack vectors so your team understands the 'why' behind the security measures
