From 10c7cd437fc1dee918d5a1a870e693b4be40a9a2 Mon Sep 17 00:00:00 2001
From: "aikido-autofix[bot]" <119856028+aikido-autofix[bot]@users.noreply.github.com>
Date: Wed, 27 Aug 2025 15:33:10 +0000
Subject: [PATCH] fix(security): autofix Potential SQL injection via string-based query concatenation

---
 SQL Injection/sql.js | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/SQL Injection/sql.js b/SQL Injection/sql.js
index ee11853e..129917f7 100644
--- a/SQL Injection/sql.js
+++ b/SQL Injection/sql.js
@@ -8,5 +8,4 @@ const sequelize = new Sequelize('database', 'username', 'password', {
 });
 app.post('/login', function (req, res) {
- sequelize.query('SELECT * FROM Products WHERE name LIKE ' + req.body.username);
- })
\ No newline at end of file
+ sequelize.query('SELECT * FROM Products WHERE name LIKE :username', { replacements: { username: req.body.username } });
\ No newline at end of file
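Review bot: The new side drops the `})` that closed the `app.post('/login', …)` callback — the hunk removes both the query line and the `})` line but re-adds only the query line, and the trailing `\ No newline at end of file` marker shows nothing follows it, so the patched file no longer parses. The added line needs to be followed by `})` again, i.e. `sequelize.query('SELECT * FROM Products WHERE name LIKE :username', { replacements: { username: req.body.username } });` and then `})` on the next line. Beyond that, the handler still neither awaits the query's promise nor sends a response, and because the bound value is matched with `LIKE`, a client can still supply `%`/`_` wildcards — use `=` or escape those characters if an exact match is intended. If a real server-side bind parameter is wanted, Sequelize's `bind` option (`$username`) is probably preferable to `replacements`, which as far as I know are escaped and interpolated on the client side; worth confirming against the Sequelize version in use.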