Btw, even using psql directly allows binding parameters https://www.postgresql.org/docs/current/app-psql.html