In order to protect against SQL injections, you should only use parameterized SQL connectors with active validation.