Critiq Docs

security.sql-injection

Avoid dynamic SQL built with format! for SQLx or Diesel

Do not pass `format!(...)` (or equivalent string concatenation) into `sqlx::query` or `diesel::sql_query` sinks.

# Metadata

| Field | Value |
| --- | --- |
| Rule ID | rust.security.sqlx-diesel-raw-interpolated-query |
| Severity | high |
| Confidence | 0.88 |
| Languages | rust |
| Presets | security, strict |
| Stability | experimental |
| Applies to | block |
| Tags | diesel, rules-catalog, rust, security, sqlx |

# Why it matters

SQL built by interpolating values into a string is the primary SQL injection pattern in Rust ORMs: whatever ends up in the string is parsed by the database as part of the query, so an input containing a quote or SQL keyword can change the query's structure. Compile-time macros and bind parameters send values separately from the SQL text, which keeps queries safe.

# Remediation

Prefer `sqlx::query!` / `query_as!`, use `.bind(...)` on typed query builders, or Diesel's query DSL with bound parameters instead of raw interpolated strings.
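The flagged shape and the remediated shape side by side, as an added illustration that is not part of the rule catalog or of the sqlx/Diesel projects. `Query`, `query` and `bind` are a hypothetical stand-in for a bind-parameter API (the real sqlx crate is not compiled here); the point is that bound SQL text stays fixed while interpolated SQL text changes with its input.

```rust
// Minimal stand-in for a bind-parameter query builder (hypothetical, NOT the
// real sqlx API). SQL text and parameter values are kept apart, as a real
// driver does when it sends a prepared statement and its bind values.
#[derive(Debug, PartialEq)]
pub struct Query {
    pub sql: String,
    pub params: Vec<String>,
}

/// Stand-in for `sqlx::query(sql)`: the SQL text is fixed at construction.
pub fn query(sql: &str) -> Query {
    Query { sql: sql.to_string(), params: Vec::new() }
}

impl Query {
    /// Stand-in for `.bind(value)`: the value travels outside the SQL text.
    pub fn bind(mut self, value: &str) -> Query {
        self.params.push(value.to_string());
        self
    }
}

/// Flagged pattern: the input is pasted into the SQL text via `format!`.
pub fn find_user_interpolated(username: &str) -> Query {
    let sql = format!("SELECT id FROM users WHERE name = '{}'", username);
    query(&sql)
}

/// Remediated pattern: fixed SQL with a placeholder, value bound separately.
pub fn find_user_bound(username: &str) -> Query {
    query("SELECT id FROM users WHERE name = $1").bind(username)
}

/// Number of single quotes the database would parse in the SQL text. With
/// interpolation this depends on the input (an odd count means a benign name
/// such as o'brien already breaks the statement); with binding it is constant.
pub fn quote_count(sql: &str) -> usize {
    sql.matches('\'').count()
}

fn main() {
    // Constructed sample input: an ordinary name containing an apostrophe.
    let name = "o'brien";
    let bad = find_user_interpolated(name);
    let good = find_user_bound(name);
    println!("interpolated: {} ({} quotes)", bad.sql, quote_count(&bad.sql));
    println!("bound: {} params={:?} ({} quotes)", good.sql, good.params, quote_count(&good.sql));
}
```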

# Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/rust/rust.security.sqlx-diesel-raw-interpolated-query.rule.yaml.