I can't use connection parameters as it only includes values from params. When testing this pattern I noticed this can result in SQL Injection attack. Can this data be cleansed to prevent SQL ...