From 1aec7fcf0b0e190307d1a9c0b1452c33ff940a26 Mon Sep 17 00:00:00 2001
From: Mathias Vorreiter Pedersen
Date: Thu, 22 Jan 2026 14:41:51 +0000
Subject: [PATCH] PS: Fix example.

---
 .../ql/src/queries/security/cwe-089/examples/SqlInjection.ps1 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/powershell/ql/src/queries/security/cwe-089/examples/SqlInjection.ps1 b/powershell/ql/src/queries/security/cwe-089/examples/SqlInjection.ps1
index c449536a662c..37eb69628182 100644
--- a/powershell/ql/src/queries/security/cwe-089/examples/SqlInjection.ps1
+++ b/powershell/ql/src/queries/security/cwe-089/examples/SqlInjection.ps1
@@ -4,7 +4,7 @@ param(
 
 # BAD: The user input is directly interpolated into the SQL query string
 $query1 = "SELECT * FROM users WHERE name = '$userinput'"
-Invoke-Sqlcmd -ServerInstance "MyServer" -Database "MyDatabase" -Query $query
+Invoke-Sqlcmd -ServerInstance "MyServer" -Database "MyDatabase" -Query $query1
 
 # GOOD: Using parameters to prevent SQL injection
 $query2 = "SELECT * FROM users WHERE name = @username"
@@ -13,4 +13,4 @@ $params = @{
     username = $userinput
 }
 
-Invoke-Sqlcmd -ServerInstance "MyServer" -Database "MyDatabase" -Query $query -QueryParameters $params
\ No newline at end of file
+Invoke-Sqlcmd -ServerInstance "MyServer" -Database "MyDatabase" -Query $query2 -QueryParameters $params
\ No newline at end of file
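Review bot: The `# BAD` comment above the corrected `$query1` call says the input is interpolated but not why that matters, and since this file is the example attached to the CWE-089 query result, the contrast with the `@username` placeholder in the GOOD half would be clearer with the reason stated, e.g. `# BAD: $userinput becomes part of the SQL text, so its contents can change the statement itself rather than only the compared value`. The rename to `$query1` in the added line is consistent with the assignment two lines above it.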
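Review bot: Both sides of the last line of this hunk still carry `\ No newline at end of file`, so the example keeps a missing final newline after the fix; since that line is rewritten anyway, terminating it with a newline would drop the marker and avoid a spurious whitespace diff the next time the file is edited. The `$query2` correction itself matches the `$params` hashtable defined in the context lines above, and nothing else in the hunk needs changing.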