Does it validate SQL placeholders before execution?

Yes, it include patterns to verify that all ':placeholder' tokens in a SQL string have corresponding keys in the parameters dictionary, failing fast if a mismatch is found.

What parameter style does this skill enforce?

It strictly enforces the ':param' bind parameter style, explicitly rejecting psycopg2-style '%(param)s' and dangerous f-string interpolation to ensure maximum security.

How does it handle date parameters in queries?

The skill requires all date parameters to be passed as native Python date or datetime objects, preventing the common bugs associated with hardcoded date strings.

What is the 'v2 API compliance' feature?

It ensures that API endpoints support a '?schema=v2' flag, providing backward compatibility for snake_case while defaulting to strict camelCase for modern consumers.

SQL Guardrails

Name: SQL Guardrails
Author: sgpropertyanalytics

bysgpropertyanalytics

•

数据库管理

Enforces strict SQL standards and backend API patterns to prevent injection, data type mismatches, and contract violations.

The SQL Guardrails skill provides a robust framework for backend development, ensuring that all database interactions follow security and architectural best practices. It automates the enforcement of named parameter binding, native Python date handling, and standardized enum normalization via contract schemas. By acting as a validator for service functions and route handlers, it helps developers maintain v2 API compliance, prevent SQL injection through forbidden string interpolation, and ensure consistent outlier filtering across the entire data layer.

主要功能

011 GitHub stars

02Standardizes database enum values through centralized contract schema methods.

03Enforces named parameter binding (:param) to eliminate SQL injection risks.

04Ensures v2 API compliance with dual-mode snake_case and camelCase response patterns.

05Validates SQL placeholders against parameter keys to prevent runtime execution errors.

06Normalizes date handling using native Python objects instead of error-prone strings.

使用场景

01Refactoring legacy SQL queries to meet modern security and performance standards.

02Building new backend service functions that require strict API contract adherence.

03Auditing existing database logic for inconsistent date formats or hardcoded enums.

主要功能

011 GitHub stars

02Standardizes database enum values through centralized contract schema methods.

03Enforces named parameter binding (:param) to eliminate SQL injection risks.

04Ensures v2 API compliance with dual-mode snake_case and camelCase response patterns.

05Validates SQL placeholders against parameter keys to prevent runtime execution errors.

06Normalizes date handling using native Python objects instead of error-prone strings.

使用场景

01Refactoring legacy SQL queries to meet modern security and performance standards.

02Building new backend service functions that require strict API contract adherence.

03Auditing existing database logic for inconsistent date formats or hardcoded enums.