diff --git a/src/Database/Concerns/ManagesPostgresUsers.php b/src/Database/Concerns/ManagesPostgresUsers.php
index a749469e..25b365c6 100644
--- a/src/Database/Concerns/ManagesPostgresUsers.php
+++ b/src/Database/Concerns/ManagesPostgresUsers.php
@@ -77,6 +77,6 @@ trait ManagesPostgresUsers
 
     public function userExists(string $username): bool
     {
-        return (bool) $this->connection()->select("SELECT usename FROM pg_user WHERE usename = '{$username}'");
+        return (bool) $this->connection()->select("SELECT usename FROM pg_user WHERE usename = ?", [$username]);
     }
 }
diff --git a/src/Database/TenantDatabaseManagers/MicrosoftSQLDatabaseManager.php b/src/Database/TenantDatabaseManagers/MicrosoftSQLDatabaseManager.php
index da993956..25551f91 100644
--- a/src/Database/TenantDatabaseManagers/MicrosoftSQLDatabaseManager.php
+++ b/src/Database/TenantDatabaseManagers/MicrosoftSQLDatabaseManager.php
@@ -22,6 +22,6 @@ class MicrosoftSQLDatabaseManager extends TenantDatabaseManager
 
     public function databaseExists(string $name): bool
     {
-        return (bool) $this->connection()->select("SELECT name FROM master.sys.databases WHERE name = '$name'");
+        return (bool) $this->connection()->select("SELECT name FROM master.sys.databases WHERE name = ?", [$name]);
     }
 }
diff --git a/src/Database/TenantDatabaseManagers/MySQLDatabaseManager.php b/src/Database/TenantDatabaseManagers/MySQLDatabaseManager.php
index b86faef2..c798d12f 100644
--- a/src/Database/TenantDatabaseManagers/MySQLDatabaseManager.php
+++ b/src/Database/TenantDatabaseManagers/MySQLDatabaseManager.php
@@ -24,6 +24,6 @@ class MySQLDatabaseManager extends TenantDatabaseManager
 
     public function databaseExists(string $name): bool
     {
-        return (bool) $this->connection()->select("SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = '$name'");
+        return (bool) $this->connection()->select("SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = ?", [$name]);
     }
 }
diff --git a/src/Database/TenantDatabaseManagers/PermissionControlledMicrosoftSQLServerDatabaseManager.php b/src/Database/TenantDatabaseManagers/PermissionControlledMicrosoftSQLServerDatabaseManager.php
index b373f41e..5e78fce2 100644
--- a/src/Database/TenantDatabaseManagers/PermissionControlledMicrosoftSQLServerDatabaseManager.php
+++ b/src/Database/TenantDatabaseManagers/PermissionControlledMicrosoftSQLServerDatabaseManager.php
@@ -42,7 +42,7 @@ class PermissionControlledMicrosoftSQLServerDatabaseManager extends MicrosoftSQL
 
     public function userExists(string $username): bool
     {
-        return (bool) $this->connection()->select("SELECT sp.name as username FROM sys.server_principals sp WHERE sp.name = '{$username}'");
+        return (bool) $this->connection()->select("SELECT sp.name as username FROM sys.server_principals sp WHERE sp.name = ?", [$username]);
     }
 
     public function makeConnectionConfig(array $baseConfig, string $databaseName): array
diff --git a/src/Database/TenantDatabaseManagers/PermissionControlledMySQLDatabaseManager.php b/src/Database/TenantDatabaseManagers/PermissionControlledMySQLDatabaseManager.php
index 47ec11a2..09040725 100644
--- a/src/Database/TenantDatabaseManagers/PermissionControlledMySQLDatabaseManager.php
+++ b/src/Database/TenantDatabaseManagers/PermissionControlledMySQLDatabaseManager.php
@@ -53,6 +53,6 @@ class PermissionControlledMySQLDatabaseManager extends MySQLDatabaseManager impl
 
     public function userExists(string $username): bool
     {
-        return (bool) $this->connection()->select("SELECT count(*) FROM mysql.user WHERE user = '$username'")[0]->{'count(*)'};
+        return (bool) $this->connection()->select("SELECT count(*) FROM mysql.user WHERE user = ?", [$username])[0]->{'count(*)'};
     }
 }
diff --git a/src/Database/TenantDatabaseManagers/PermissionControlledPostgreSQLSchemaManager.php b/src/Database/TenantDatabaseManagers/PermissionControlledPostgreSQLSchemaManager.php
index b528d4e3..fbf02d5a 100644
--- a/src/Database/TenantDatabaseManagers/PermissionControlledPostgreSQLSchemaManager.php
+++ b/src/Database/TenantDatabaseManagers/PermissionControlledPostgreSQLSchemaManager.php
@@ -27,7 +27,7 @@ class PermissionControlledPostgreSQLSchemaManager extends PostgreSQLSchemaManage
         $this->connection()->statement("GRANT USAGE, CREATE ON SCHEMA \"{$schema}\" TO \"{$username}\"");
         $this->connection()->statement("GRANT USAGE ON ALL SEQUENCES IN SCHEMA \"{$schema}\" TO \"{$username}\"");
 
-        $tables = $this->connection()->select("SELECT table_name FROM information_schema.tables WHERE table_schema = '{$schema}' AND table_type = 'BASE TABLE'");
+        $tables = $this->connection()->select("SELECT table_name FROM information_schema.tables WHERE table_schema = ? AND table_type = 'BASE TABLE'", [$schema]);
 
         // Grant permissions to any existing tables. This is used with RLS
         foreach ($tables as $table) {
@@ -37,9 +37,9 @@ class PermissionControlledPostgreSQLSchemaManager extends PostgreSQLSchemaManage
             $primaryKey = $this->connection()->selectOne(<<<SQL
                 SELECT column_name
                 FROM information_schema.key_column_usage
-                WHERE table_name = '{$tableName}'
+                WHERE table_name = ?
                 AND constraint_name LIKE '%_pkey'
-            SQL)->column_name;
+            SQL, [$tableName])->column_name;
 
             // Grant all permissions for all existing tables
             $this->connection()->statement("GRANT ALL ON \"{$schema}\".\"{$tableName}\" TO \"{$username}\"");
diff --git a/src/Database/TenantDatabaseManagers/PostgreSQLDatabaseManager.php b/src/Database/TenantDatabaseManagers/PostgreSQLDatabaseManager.php
index 82a5963f..7338306e 100644
--- a/src/Database/TenantDatabaseManagers/PostgreSQLDatabaseManager.php
+++ b/src/Database/TenantDatabaseManagers/PostgreSQLDatabaseManager.php
@@ -20,6 +20,6 @@ class PostgreSQLDatabaseManager extends TenantDatabaseManager
 
     public function databaseExists(string $name): bool
     {
-        return (bool) $this->connection()->select("SELECT datname FROM pg_database WHERE datname = '$name'");
+        return (bool) $this->connection()->select("SELECT datname FROM pg_database WHERE datname = ?", [$name]);
     }
 }
diff --git a/src/Database/TenantDatabaseManagers/PostgreSQLSchemaManager.php b/src/Database/TenantDatabaseManagers/PostgreSQLSchemaManager.php
index d0fb0337..af69df92 100644
--- a/src/Database/TenantDatabaseManagers/PostgreSQLSchemaManager.php
+++ b/src/Database/TenantDatabaseManagers/PostgreSQLSchemaManager.php
@@ -20,7 +20,7 @@ class PostgreSQLSchemaManager extends TenantDatabaseManager
 
     public function databaseExists(string $name): bool
     {
-        return (bool) $this->connection()->select("SELECT schema_name FROM information_schema.schemata WHERE schema_name = '$name'");
+        return (bool) $this->connection()->select("SELECT schema_name FROM information_schema.schemata WHERE schema_name = ?", [$name]);
     }
 
     public function makeConnectionConfig(array $baseConfig, string $databaseName): array