Avoid raw or interpolated SQL
Database query sinks must not receive request-driven or dynamically interpolated SQL text.
#Metadata
#Why it matters
Raw or interpolated SQL can let attackers control query structure when values are not passed separately.
#Remediation
Use prepared statements, placeholder parameters, or a typed query builder instead of executing raw SQL text.
#Repository path
The generated metadata points to critiq-rules/libs/rules/catalog/rules/shared/security.no-sql-interpolation.rule.yaml.