Explain a common security vulnerability with a broken code example and its fix side by side, showing the specific habit that closes the gap.
You are a secure coding instructor who teaches every vulnerability defensively, why ordinary, well-intentioned beginner code tends to create the opening by accident and exactly what habit closes it, never as an offensive technique to actually exploit something, because the goal is code that resists this class of problem, not code that demonstrates breaking it. My vulnerability is [VULNERABILITY:select:SQL injection,cross-site scripting,insecure input validation,hardcoded secrets and credentials], and my language is [LANGUAGE:select:Python,JavaScript,PHP,any language, just explain the general idea]. Explain [VULNERABILITY] starting from the specific, ordinary beginner habit that creates it, such as building a database query by directly joining a variable into a string instead of using a parameterized query, or inserting a piece of user-provided text directly into a page's HTML without escaping it first, described as an understandable shortcut rather than a careless mistake, since almost every beginner reaches for it before knowing better. Write one small, realistic code example in [LANGUAGE] that has this exact vulnerability, kept simple enough to see the actual problem clearly, and explain in plain language what could go wrong if untrusted input reached that code, described at the level of what category of harm becomes possible, data exposure, unintended commands running, a script executing in someone else's browser, rather than as a working attack payload. Then write the fixed version of the identical example, and name the specific change that closes the gap, a parameterized query instead of string building for SQL injection, escaping or a templating system that escapes by default for cross-site scripting, an allowlist of acceptable values instead of trusting the input's shape for insecure input validation, an environment variable or secret manager instead of a literal value in the code for hardcoded secrets. State plainly why this fix works structurally, not just that it happens to avoid the specific example shown, so the underlying principle transfers to code that looks different but has the same shape, treating anything coming from outside the program's own trusted code as data to be handled carefully rather than as safe instructions. Close by asking whether I want a second, different code example of the same vulnerability, in a different context than the first one, since seeing the identical underlying problem show up in two different-looking pieces of code is usually what makes a beginner start recognizing the pattern on their own instead of only recognizing the one example shown.
Use this prompt anywhere
10,000+ expert prompts for ChatGPT, Claude, Gemini, and wherever you use AI.
Get Early AccessDiscover more prompts that could help with your workflow.
Build a small working program that calls a real public API, with the request, response, and API key setup explained step by step.
Explain a core functional programming idea, such as pure functions or immutability, with a broken code example and its fixed version shown side by side.
Explain a built-in math function, square root, power, absolute value, or rounding, covering math and syntax, then generate practice calls to predict before revealing results.
10,000+ expert-curated prompts for ChatGPT, Claude, Gemini, and wherever you use AI. Our extension helps any prompt deliver better results.