Spot SQL injection vulnerabilities and performance bottlenecks before they hit production. Turn database security analysis from guesswork into confidence.

Quick Start

Jump straight in with these copy-paste prompts. You'll be amazed at what database security issues this can catch:

Quick Security Check 
Please analyze this PHP file for database security issues: C:/api/UserService.php
Performance Focus 
Check this WordPress plugin file for slow database queries: C:/wp-plugin/includes/DataHandler.php
Comprehensive Analysis 
Analyze all database queries in this Laravel controller: C:/app/Http/Controllers/ReportController.php

Security First

Database vulnerabilities can expose your entire application. This analysis focuses on the most critical security patterns that actually matter in production.

What It Does

Think of this as having a database security expert review every query in your code. analyze_database_queries extracts database interactions from PHP, JavaScript, TypeScript, and Python files, then performs comprehensive security and performance analysis.

It's like having a specialist who knows exactly what to look for:

  • SQL Injection Detection - Spots vulnerable query construction patterns
  • Performance Analysis - Identifies N+1 queries, missing indexes, inefficient patterns
  • Security Best Practices - Prepared statements, input sanitisation, privilege checks
  • Framework Patterns - Laravel Eloquent, WordPress $wpdb, Node.js ORM analysis
  • Data Exposure Risks - Overprivileged queries, sensitive data handling

The analysis understands context - it knows the difference between a dynamic search query (which needs careful handling) and a static configuration query (which is usually safe).

Parameters

Here's what you can customise to get exactly the database analysis you need:

Parameter Type Required Default Description
filePath string Yes* -

Path to file containing database queries

Example: "C:/api/UserRepository.php"
code string Yes* -

Code content to analyze (alternative to filePath)

Perfect for pasting suspect query code
projectPath string Yes* -

Path to project root (for multi-file analysis)

Analyzes all database interactions across the project
language string No "php"

Programming language: php, javascript, typescript, python

Auto-detects common database patterns per language
analysisType string No "comprehensive"

Focus: "security", "performance", "best-practices", "comprehensive"

Default: "comprehensive" - covers security and performance
analysisDepth string No "detailed"

Analysis depth: "basic", "detailed", "comprehensive"

Use "comprehensive" for production security reviews
context object No {}

Database and framework context for specialized analysis

Example: {"framework": "Laravel", "database": "MySQL"}

*One of filePath, code, or projectPath is required

Real-World Examples

Here's how to use it for different database security scenarios:

Laravel Application Security Review

Eloquent Security Analysis 
houtini-lm:analyze_database_queries with:
- filePath: "C:/laravel-app/app/Http/Controllers/UserController.php"
- language: "php"
- analysisType: "security"
- context: {"framework": "Laravel", "database": "MySQL", "version": "10"}

WordPress Plugin Database Audit

WordPress Security Check 
houtini-lm:analyze_database_queries with:
- projectPath: "C:/wp-plugin"
- language: "php"
- analysisType: "comprehensive"
- context: {"framework": "WordPress", "wpdb": true, "custom_tables": true}

Node.js API Performance Review

ORM Performance Analysis 
houtini-lm:analyze_database_queries with:
- filePath: "C:/api/src/services/ReportService.ts"
- language: "typescript"
- analysisType: "performance"
- context: {"orm": "Prisma", "database": "PostgreSQL"}

Direct SQL Code Review

Quick Query Check 
houtini-lm:analyze_database_queries with:
- code: "$query = \"SELECT * FROM users WHERE id = \" . $_GET['id'];"
- language: "php"
- analysisType: "security"

What You Get Back

The analysis delivers actionable insights that help you secure and optimize your database interactions:

🔒 Security Vulnerability Detection

  • SQL Injection Risks - Specific vulnerable queries with exploit examples
  • Input Validation Issues - Missing sanitization, type checking problems
  • Authentication Bypasses - Queries that might bypass security checks
  • Data Exposure Risks - Overprivileged queries returning sensitive data
  • Injection Vectors - User input paths that reach database queries

⚡ Performance Optimization

  • N+1 Query Detection - Loops that cause database hammering
  • Missing Index Identification - Queries that would benefit from indexes
  • Inefficient Patterns - SELECT *, unnecessary JOINs, subquery issues
  • Query Complexity Analysis - Overly complex queries with simplification suggestions
  • Connection Management - Connection pooling and resource usage patterns

📋 Framework-Specific Best Practices

  • Laravel Eloquent - Relationship usage, query scopes, mass assignment
  • WordPress $wpdb - Prepared statements, nonces, capability checks
  • Node.js ORMs - Sequelize, Prisma, TypeORM patterns and optimization
  • Raw SQL - Prepared statement usage, parameterization, escaping

🛠️ Specific Fixes and Improvements

  • Before/after code examples showing exactly how to fix issues
  • Prepared statement conversions with proper parameterization
  • Query optimization suggestions with performance impact estimates
  • Security implementation patterns using framework best practices
  • Testing recommendations to verify fixes work correctly

Security-First Approach

Every recommendation prioritises security without sacrificing performance. You get practical fixes that actually work in production environments.

Perfect Use Cases

Here's when this function becomes your database security guardian:

🛡️ Pre-Deployment Security Review

Before pushing authentication, user management, or payment handling code, run it through database security analysis. Catch SQL injection vulnerabilities before they become headlines.

🔍 Legacy Code Assessment

Inherited an application with questionable database practices? Get a comprehensive security and performance assessment of all database interactions to prioritise your fixes.

⚡ Performance Investigation

When your application is slow and you suspect the database, paste the suspect code and get specific recommendations about query optimization and bottleneck elimination.

📚 Code Review Enhancement

Before peer reviews, run your database code through analysis to catch issues early. Makes you look thorough and security-conscious to your team.

🎓 Security Learning

Understanding what makes database code secure vs vulnerable. Learn to recognize dangerous patterns and understand why certain approaches are problematic.

✅ Compliance Preparation

When preparing for security audits (PCI DSS, SOC 2, etc.), use this to identify and document database security measures and potential compliance issues.

Security Focus Areas

Understanding what this analysis prioritises helps you write more secure database code:

🎯 Critical Security Patterns

High-Risk Patterns Detected

  • String concatenation in queries - Classic SQL injection vector
  • Direct user input in WHERE clauses - Authentication bypass risks
  • Dynamic table/column names - Structure manipulation attacks
  • Unparameterized LIKE queries - Data enumeration risks
  • Missing input validation - Type confusion attacks

📈 Performance Anti-Patterns

Performance Killers Identified

  • Queries in loops - N+1 problem detection
  • Missing LIMIT clauses - Potential memory exhaustion
  • Unnecessary SELECT * - Bandwidth and memory waste
  • Inefficient JOINs - Cartesian product risks
  • Subqueries vs JOINs - Performance optimization opportunities

🏗️ Framework-Specific Security

Different frameworks have different security patterns that this analysis understands:

  • Laravel - Mass assignment protection, query scopes, Eloquent relationships
  • WordPress - Nonce verification, capability checks, $wpdb prepared statements
  • Node.js - ORM parameterization, connection pooling, async security patterns
  • Raw SQL - Prepared statements, stored procedures, privilege minimization

Best Practices

Get the most valuable insights from your database query analysis:

🎯 Focus Your Analysis

  • "security" - Before production deployment, especially for authentication/payment code
  • "performance" - When investigating slow operations or high database load
  • "comprehensive" - For complete code reviews or security audits

📋 Provide Framework Context

Better context means more accurate analysis:

  • Specify your framework and version: {"framework": "Laravel", "version": "10"}
  • Include database type: {"database": "MySQL", "version": "8.0"}
  • Mention ORM details: {"orm": "Eloquent", "relationships": true}
  • Note custom patterns: {"custom_tables": true, "stored_procedures": true}

🔍 Start with High-Risk Code

Prioritise analyzing code that handles:

  • User authentication and authorization
  • Payment and financial transactions
  • Personal or sensitive data
  • Admin or privileged operations
  • Public-facing search and filtering

⚡ Multi-File vs Single-File

  • Single file analysis - Quick security checks, focused performance review
  • Project-wide analysis - Comprehensive security audit, architectural review
  • Code snippet analysis - Quick validation of suspicious query patterns

Security Testing

Analysis identifies potential vulnerabilities, but always test fixes in a safe environment. Some security improvements might affect application functionality.

Troubleshooting

Hit a snag with database query analysis? Here are solutions to common issues:

Not finding database queries in my code

The analysis isn't detecting the database queries you know are there.

  • Ensure you've specified the correct programming language
  • Check that your ORM/framework patterns are mentioned in context
  • Try "comprehensive" analysis depth for better pattern detection
  • Include framework context: {"framework": "Laravel"}
Too many false positives in security warnings

Getting security warnings for code you believe is safe.

  • Provide more framework context to improve accuracy
  • Specify your security context: {"prepared_statements": true}
  • Use "detailed" instead of "comprehensive" for less aggressive analysis
  • The warnings might be valid - consider a second opinion from a security expert
Missing framework-specific recommendations

Not getting Laravel, WordPress, or other framework-specific insights.

  • Always include framework in context: {"framework": "WordPress"}
  • Specify version numbers: {"framework": "Laravel", "version": "10"}
  • Mention specific patterns: {"eloquent": true, "relationships": true}
  • Use "comprehensive" analysis for maximum framework intelligence
Performance analysis seems shallow

Not getting detailed performance optimization suggestions.

  • Set analysisType to "performance" for focused optimization analysis
  • Include database context: {"database": "MySQL", "indexes": true}
  • Mention scale context: {"high_traffic": true, "large_datasets": true}
  • Use "comprehensive" depth for detailed performance insights
Analysis taking too long on large projects

Project-wide analysis is slow or timing out.

  • Start with single high-risk files instead of entire projects
  • Use "basic" analysis depth for initial assessment
  • Focus on specific directories with database code
  • Ensure your LM Studio model has sufficient memory available

Next Steps

Now that you know how to analyze database queries, explore these security-focused functions:

Complete Security Audit

Comprehensive security analysis across your entire project

WordPress Security Analysis

Specialized security audit for WordPress plugins and themes