Case Study: SQLx 0.9 QueryBuilder Migration Codex GPT-5.5 migrated a Rust fixture from dynamic SQL to SQLx 0.9's QueryBuilder with push_bind, preserving SQL injection safety. The GitHits-assisted run completed 29% faster (425s vs 597s) using 64% fewer tokens (1.22M vs 3.36M) and 41% fewer tool calls than the unaided run. Both runs produced a passing patch that replaced unsafe string interpolation with bound parameters. Back to blog /blog/ June 3, 2026 · 3 min read Case Study: SQLx 0.9 QueryBuilder Migration A measured Codex run migrating dynamic SQL to SQLx 0.9 while preserving bound user input. The fixture is a Rust migration to sqlx 0.9.0 . Both runs used Codex GPT-5.5 against the same fixture. The prompt was: Fix this Rust fixture so cargo test succeeds against sqlx 0.9.0 , preserving SQL injection safety. The fixture started with stale dynamic SQL construction. SQLx 0.9 introduced SqlSafeStr , so passing an owned dynamic String to query as no longer compiled by default. AssertSqlSafe can make dynamic SQL compile again. In this fixture, using it would keep the injection bug. Case study replay SQLx 0.9 SQL safety migration model Codex GPT-5.5Fix this Rust fixture so cargo test succeeds against sqlx 0.9.0 , preserving SQL injection safety. Without GitHits - tokens - 0 - time - 0s / 597s - Ready. Click "Watch Replay" to start. - Reached the same safe QueryBuilder fix, but spent 3.36M tokens across 19 web searches and 52 shell calls. With GitHits - tokens - 0 - time - 0s / 425s - Ready. Click "Watch Replay" to start. - Used SQLx 0.9 evidence to replace unsafe dynamic SQL with QueryBuilder