Code Room
Vibe codingMediumvc-g204
Subject Ai prompt specLevel Mid–Senior~16 minCommon in Security · Databases & SQL interviewsIndustries Software development, Technology

Question

You're directing an AI agent to build a search feature in Python that filters records by a user-supplied keyword and an optional, user-chosen sort column, against Postgres. Write the spec that makes it injection-proof for BOTH inputs. What parameterization and identifier-handling rules do you mandate, and what acceptance criteria prove it? Then describe what a naive prompt ('build a search query from the keyword and sort column') gets wrong — including the part even parameterization doesn't fix.

What a strong answer looks like

Treat the AI’s output as a draft to verify, not an answer to trust. Name the specific flaw and the input that triggers it, say how you’d catch it — tests, edge cases, reading critically — and how you’d re-prompt or decompose to get it right.

Describe your solution

Vibe coding: describe the solution in plain language (or narrate it) and the coach grades your approach. Generating runnable code from your description is coming next.

Run or narrate your approach, then ask the coach.