2 Answers
0
Is this piece of code useful to you?
```go
import (
	"context"
	"database/sql"
)

// queryOrganization runs the parameterized SELECT inside a transaction.
func queryOrganization(ctx context.Context, db *sql.DB, orgID string) error {
	// Named query so the variable does not shadow the database/sql package.
	query := "SELECT * FROM organization WHERE id = ?"
	tx, err := db.Begin()
	if err != nil {
		return err // handle error appropriately
	}
	defer tx.Rollback() // ensure rollback in case of error
	stmt, err := tx.PrepareContext(ctx, query)
	if err != nil {
		return err // handle error appropriately
	}
	defer stmt.Close() // ensure statement is closed
	rows, err := stmt.QueryContext(ctx, orgID)
	if err != nil {
		return err // handle error appropriately
	}
	defer rows.Close() // ensure rows are closed
	// Process rows here
	if err := tx.Commit(); err != nil {
		return err // handle error appropriately
	}
	return nil
}
```
Key Points:
- Error Handling: Each step checks for errors and handles them appropriately.
- Transaction Handling: The transaction is rolled back if any error occurs, and committed only if everything succeeds.
- Resource Management: Statements and rows are properly closed to avoid resource leaks.
0
Thanks for your reply, but the issue occurs at "stmt.ExecContext(ctx, orgID)": orgID can't be passed directly to the ExecContext function. Using a struct to wrap orgID passes the SQL injection verification, but this solution is not a general way to work with SQL.
Sample code that passes verification:
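```go
type Input struct {
	OrgID string
}
// db (*sql.DB) and ctx are assumed to be package-level variables.
func Query(input *Input) error {
	sql := "SELECT * FROM organization where id = ?"
	tx, err := db.Begin()
	if err != nil {
		return err
	}
	defer tx.Rollback() // release the transaction on every return path
	stmt, err := tx.Prepare(sql)
	if err != nil {
		return err
	}
	defer stmt.Close()
	_, err = stmt.ExecContext(ctx, input.OrgID) // value is bound to the placeholder
	return err
}
```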
Answered 1 year ago
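An added example, not code from either answer: it shows what `database/sql` hands to a driver when `orgID` is bound from a plain string, bound from a struct field, and concatenated into the statement. The recording driver `rec`, the `Observe` helper and the input value are constructed for illustration.

```go
package main

import (
	"context"
	"database/sql"
	"database/sql/driver"
	"errors"
	"fmt"
)

// rec is a constructed stand-in driver (also its own Conn and Stmt): it runs no
// SQL and only records the statement text and bound arguments it is handed.
type rec struct {
	text []string
	args [][]driver.Value
}

func (r *rec) Open(string) (driver.Conn, error)             { return r, nil }
func (r *rec) Connect(context.Context) (driver.Conn, error) { return r, nil }
func (r *rec) Driver() driver.Driver                        { return r }
func (r *rec) Begin() (driver.Tx, error)                    { return nil, errors.New("unsupported") }
func (r *rec) Close() error                                 { return nil }
func (r *rec) NumInput() int                                { return -1 }
func (r *rec) Query([]driver.Value) (driver.Rows, error)    { return nil, errors.New("unsupported") }
func (r *rec) Prepare(q string) (driver.Stmt, error) {
	r.text = append(r.text, q)
	return r, nil
}
func (r *rec) Exec(a []driver.Value) (driver.Result, error) {
	r.args = append(r.args, a)
	return driver.ResultNoRows, nil
}

// Input is the wrapper struct from the second answer.
type Input struct{ OrgID string }

// Observe sends orgID three ways and returns what the driver received.
func Observe(orgID string) (*rec, error) {
	r, ctx := &rec{}, context.Background()
	db := sql.OpenDB(r)
	defer db.Close()
	const q = "SELECT * FROM organization WHERE id = ?"
	_, e1 := db.ExecContext(ctx, q, orgID)                 // bound: plain string
	_, e2 := db.ExecContext(ctx, q, (&Input{orgID}).OrgID) // bound: struct field
	// Concatenation, for contrast: the value becomes part of the statement text.
	_, e3 := db.ExecContext(ctx, "SELECT * FROM organization WHERE id = '"+orgID+"'")
	return r, errors.Join(e1, e2, e3)
}

func main() { fmt.Println(Observe("1' OR '1'='1")) } // constructed input
```

For both bound calls the driver receives the same constant statement text and the value as a separate argument; only the concatenated call carries the value inside the SQL text.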
