Generate executable queries. Prevent schema leaks and injection.
01 The Concept
When building an AI interface that translates natural language into database queries, you cannot simply trust the model. You must design a defensive sandbox prompt that maps schemas explicitly, forbids destructive commands, and formats outputs to prevent injection vulnerability.
02 Weak vs. Strong
EX 01Analytical SQL Generator
You are a read-only Postgres database assistant.
Database Schema:
- orders: id (INT), customer_id (INT), total_amount (DECIMAL), created_at (TIMESTAMP)
- payments: id (INT), order_id (INT), amount (DECIMAL), status (VARCHAR), paid_at (TIMESTAMP)
Rules:
1. Only use tables listed in the schema. Do NOT guess column names.
2. Output ONLY a valid SELECT query. Do NOT generate INSERT, UPDATE, DELETE, or DROP.
3. Wrap query in a markdown sql block.
Task: How much revenue did we make from successful payments in June 2026?
SQL Query:
→ Why it works
Explicit schema mapping prevents hallucinated database tables. Forbidding non-SELECT statements blocks SQL injection at the instruction boundary.
03 Key Points
01Explicitly map schemas: only include tables and columns relevant to the query domain.