SQL Injection (Educational)
Vulnerable pattern:
const query = "SELECT * FROM users WHERE email = '" + email + "' AND pass = '" + pass + "'";
// User input like ' OR '1'='1 will bypass auth
Safe pattern (parameterized):
const query = "SELECT * FROM users WHERE email = ? AND pass = ?";
db.execute(query, [email, pass]);
Use least-privileged DB accounts, input validation, and ORM parameter binding. See OWASP ASVS 4.0 (V5, V8).
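The two patterns above, run against a real SQL engine, as an added example that is not part of the original page. It uses Python's built-in sqlite3 instead of the page's JavaScript driver so it runs offline; the table contents, function names and sample logins are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data, shaped like the page's `users` query.
    # The plaintext `pass` column mirrors the page; real systems store a password hash.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT, pass TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice@example.test", "s3cret"), ("o'brien@example.test", "hunter2")],
    )
    return db

def login_concat(db, email, password):
    # Vulnerable pattern from the page: input becomes part of the SQL text.
    query = ("SELECT email FROM users WHERE email = '" + email +
             "' AND pass = '" + password + "'")
    return db.execute(query).fetchall()

def login_bound(db, email, password):
    # Safe pattern from the page: the SQL text is fixed, values are bound separately.
    query = "SELECT email FROM users WHERE email = ? AND pass = ?"
    return db.execute(query, (email, password)).fetchall()

def compare(email, password):
    # Run the same login attempt through both patterns on a fresh database.
    db = make_db()
    results = {}
    for name, fn in (("concat", login_concat), ("bound", login_bound)):
        try:
            results[name] = [row[0] for row in fn(db, email, password)]
        except sqlite3.OperationalError as exc:
            results[name] = "SQL error: " + str(exc)
    db.close()
    return results

if __name__ == "__main__":
    cases = [
        ("alice@example.test", "s3cret"),       # valid login
        ("alice@example.test", "' OR '1'='1"),  # the input quoted on the page
        ("o'brien@example.test", "hunter2"),    # legitimate apostrophe in the address
    ]
    for email, password in cases:
        print(repr(email), repr(password), "->", compare(email, password))
```

The apostrophe case shows why binding, not filtering quotes, is the fix: the concatenated query fails on a legitimate address while the bound query handles it as plain data.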