The string-built query
brown belt
The task you gave the AI: Look up a user by the username from the request.
The AI produced users.ts:
export async function findUser(db: DB, username: string) {
  return db.query(
    `SELECT * FROM users WHERE name = '${username}'`
  );
}

Before you trust it — what do you check?