# Query built from user-controlled sources (SQL Injection)

## What is SQL Injection?

SQL Injection is an attack in which untrusted input (for example, a form field, URL parameter, or HTTP header) is concatenated into a SQL query string, so that attacker-supplied text is parsed and executed by the database as part of the query rather than treated as data.

## Why Should I Care About SQL Injection?

SQL Injection attacks can have devastating consequences, including unauthorized access to sensitive data, data manipulation, and even data deletion, any of which can compromise the entire application.

## How to fix SQL Injection:

The primary fix for SQL injection (SQLi) is to use prepared statements (parameterized queries): the SQL text is fixed up front and user-supplied values are bound as parameters, so the database never parses them as SQL. Input validation is a useful second layer: check each input against an allowlist of expected values or formats before it reaches the query. Validation on its own is not a complete fix, but it is the only option for parts of a query that cannot be parameterized, such as a table or column name in an `ORDER BY` clause.

{% tabs %}
{% tab title="Java" %}
Issue Pattern: executeQuery

<figure><img src="/files/QuKMaCWapsNQLTS2xJZx" alt=""><figcaption></figcaption></figure>

This is how Mobb fixes this issue:

<figure><img src="/files/5VofpwuB3E1gPFEYDFZz" alt=""><figcaption><p>This is how Mobb fixes this issue</p></figcaption></figure>
{% endtab %}

{% tab title="C#" %}

{% endtab %}

{% tab title="JavaScript" %}

{% endtab %}
{% endtabs %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.mobb.ai/mobb-user-docs/more-info/detailed-fix-information/codeql/query-built-from-user-controlled-sources-sql-injection.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
