{"slug": "sql-injection-in-ai-generated-code-why-cursor-keeps-writing-it", "title": "SQL Injection in AI-Generated Code: Why Cursor Keeps Writing It", "summary": "A developer found that Cursor, an AI code editor, generated a login endpoint with a SQL injection vulnerability (CWE-89) by interpolating user input directly into a SQL query string. The developer warns that AI models trained on tutorials and StackOverflow answers often reproduce unsafe patterns, and recommends using parameterized queries or ORMs to prevent attacks. The developer also built SafeWeave, an MCP server that hooks into Cursor and Claude Code to flag interpolated SQL in real time.", "body_md": "I asked Cursor to write a login endpoint last week. It gave me clean, readable code that worked on the first try. It also handed me a textbook SQL injection hole, and it did it with a straight face.\n\nHere is the thing about AI-generated database code. It almost always works when you test it with normal input. Type in a real email, get a real user back. Ship it. The problem only shows up when someone types input that was never a name or an email in the first place.\n\nThis is the pattern I see in nearly every AI-generated query (CWE-89):\n\n``` js\nconst email = req.body.email;\nconst query = `SELECT * FROM users WHERE email = '${email}'`;\nconst user = await db.query(query);\n```\n\nLooks fine. Reads fine. Now watch what happens when someone sends this as the email:\n\n```\n' OR '1'='1\n```\n\nThe query becomes `SELECT * FROM users WHERE email = '' OR '1'='1'`\n\n. That returns every row in the table. Swap the payload and an attacker can drop tables, read other schemas, or dump your entire user list. No exotic tooling required. Just a text field and five seconds.\n\nAI editors learned to code from millions of tutorials and StackOverflow answers, and a huge chunk of those examples build SQL by mashing strings together. It is the shortest way to show a query in a blog post. The model reproduces the shortest, most common pattern, not the safest one. Template literals in JavaScript make it worse because the interpolation looks so clean that the danger disappears entirely.\n\nThe model is not reasoning about a malicious user. It is pattern-matching against what a query \"usually looks like.\" Nobody in the training data labeled the interpolated version as the dangerous one.\n\nNever put user input into the SQL string. Pass it separately as a parameter and let the driver handle escaping:\n\n``` js\nconst email = req.body.email;\nconst query = 'SELECT * FROM users WHERE email = $1';\nconst user = await db.query(query, [email]);\n```\n\nThe database now treats email strictly as a value, never as executable SQL. The malicious payload becomes a literal search for a user whose email is that exact string. It matches nothing. Attack neutralized.\n\nSame rule in Python with psycopg2:\n\n```\ncur.execute(\"SELECT * FROM users WHERE email = %s\", (email,))\n```\n\nIf you use an ORM like Prisma, Drizzle, or SQLAlchemy, the parameterization is handled for you, right up until you reach for a raw query helper. That is where the interpolation sneaks back in, so grep your codebase for raw query calls specifically.\n\nI have been running [SafeWeave](https://safeweave.dev) for this. It hooks into Cursor and Claude Code as an MCP server and flags interpolated SQL the moment it gets generated, before I move on to the next file. That said, even a basic pre-commit hook with semgrep will catch most of what is in this post. The important thing is catching it early, whatever tool you use.", "url": "https://wpnews.pro/news/sql-injection-in-ai-generated-code-why-cursor-keeps-writing-it", "canonical_source": "https://dev.to/c_k_fb750e731394/sql-injection-in-ai-generated-code-why-cursor-keeps-writing-it-580i", "published_at": "2026-07-15 20:34:16+00:00", "updated_at": "2026-07-15 21:10:35.095141+00:00", "lang": "en", "topics": ["artificial-intelligence", "ai-safety", "developer-tools", "ai-products"], "entities": ["Cursor", "SafeWeave", "Claude Code", "Prisma", "Drizzle", "SQLAlchemy", "semgrep"], "alternates": {"html": "https://wpnews.pro/news/sql-injection-in-ai-generated-code-why-cursor-keeps-writing-it", "markdown": "https://wpnews.pro/news/sql-injection-in-ai-generated-code-why-cursor-keeps-writing-it.md", "text": "https://wpnews.pro/news/sql-injection-in-ai-generated-code-why-cursor-keeps-writing-it.txt", "jsonld": "https://wpnews.pro/news/sql-injection-in-ai-generated-code-why-cursor-keeps-writing-it.jsonld"}}