How to Use Prepared Statements in Rust

Use a database crate such as sqlx or diesel to run parameterized queries: values are bound to placeholders instead of being spliced into the SQL text, which is what prevents SQL injection.

The Rust standard library has no database support, so prepared statements come from a driver or toolkit crate such as sqlx or diesel. The pattern is the same in each: the SQL text is a fixed string containing placeholders (in sqlx, `?` for SQLite and MySQL, `$1`, `$2`, ... for PostgreSQL), and every user-supplied value is attached to a placeholder with a method such as sqlx's .bind(). The value travels to the database separately from the statement, so it can never alter the statement's structure; never assemble the query with format! or string concatenation. Only values can be bound: table and column names, and the number of entries in an IN (...) list, are part of the statement text and must be handled another way, for example by checking them against an allowlist.

use sqlx::SqlitePool;

// Look up a user's name by id. The SQL text is a fixed string; its single
// placeholder (`?`, SQLite syntax) receives `user_id` through bind(), so the
// value is sent as a parameter rather than spliced into the query text.
async fn get_user(pool: &SqlitePool, user_id: i32) -> Result<Option<String>, sqlx::Error> {
    let name = sqlx::query_scalar::<_, String>("SELECT name FROM users WHERE id = ?")
        .bind(user_id)          // bound to the first (and only) placeholder
        .fetch_optional(pool)   // Ok(None) when no row matches
        .await?;
    Ok(name)
}
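The following is an added example, not code from the page or from the sqlx project. It goes a little beyond the snippet above: it shows the vulnerable format! construction beside the shape a bound query takes, and the two cases binding cannot cover on its own, a variable-length IN (...) list (one placeholder per value) and a user-chosen column name (allowlist). sqlx is deliberately not imported so the block compiles with rustc alone; the `users` table, its columns and the `Dialect` enum are assumptions of this example.

```rust
// Added example, not from the page: a std-only illustration of what .bind()
// protects and what it cannot. sqlx is intentionally not imported so this
// compiles with rustc alone; the `users` table, its columns and the Dialect
// enum are assumptions of this example.

/// Deliberately vulnerable: the caller's value is spliced into the SQL text,
/// so a single quote in the input changes the statement's structure.
fn vulnerable_lookup_sql(name: &str) -> String {
    format!("SELECT name FROM users WHERE name = '{}'", name)
}

/// Placeholder syntax differs by backend: sqlx uses `?` for SQLite and MySQL
/// and `$1, $2, ...` for PostgreSQL.
#[derive(Clone, Copy)]
enum Dialect {
    Sqlite,
    Postgres,
}

fn placeholder(dialect: Dialect, index: usize) -> String {
    match dialect {
        Dialect::Sqlite => "?".to_string(),
        Dialect::Postgres => format!("${}", index + 1),
    }
}

/// A variable-length `IN (...)` list needs one placeholder per value. Only the
/// placeholders are interpolated into the text; the values are returned
/// separately so the caller can hand each one to .bind(). An empty list is
/// rejected because `IN ()` is a syntax error on every major backend.
fn in_list_query(dialect: Dialect, ids: &[i64]) -> Option<(String, Vec<i64>)> {
    if ids.is_empty() {
        return None;
    }
    let marks: Vec<String> = (0..ids.len()).map(|i| placeholder(dialect, i)).collect();
    let sql = format!("SELECT name FROM users WHERE id IN ({})", marks.join(", "));
    Some((sql, ids.to_vec()))
}

/// Identifiers cannot be bound as parameters, so a user-chosen sort column is
/// accepted only if it appears in a fixed allowlist; anything else is refused
/// rather than escaped.
const SORTABLE_COLUMNS: &[&str] = &["name", "created_at"];

fn order_by_query(column: &str, descending: bool) -> Option<String> {
    if !SORTABLE_COLUMNS.contains(&column) {
        return None;
    }
    let direction = if descending { "DESC" } else { "ASC" };
    Some(format!("SELECT name FROM users ORDER BY {} {}", column, direction))
}

fn main() {
    // Constructed attacker input: closes the quoted literal and appends a tautology.
    let hostile = "' OR '1'='1";
    println!("vulnerable: {}", vulnerable_lookup_sql(hostile));

    // Safe shape: placeholders in the text, values kept apart for .bind().
    let (sql, params) = in_list_query(Dialect::Postgres, &[7, 9, 11]).unwrap();
    println!("statement:  {}\nparams:     {:?}", sql, params);

    println!("allowlisted: {:?}", order_by_query("created_at", true));
    println!("rejected:    {:?}", order_by_query("name; DROP TABLE users", false));
}
```

To run the generated IN-list statement with sqlx, build the query once and bind in a loop: `let mut q = sqlx::query(&sql); for id in params { q = q.bind(id); }` followed by `q.fetch_all(pool).await`. The column allowlist is a fixed set of known-good names on purpose: escaping an identifier is backend-specific and easy to get wrong, while refusing anything not on the list is simple to audit.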