diff --git a/GithubTest.py b/GithubTest.py index ac218736..825bc4ae 100644 --- a/GithubTest.py +++ b/GithubTest.py @@ -1,6 +1,17 @@ from github import Github - +from fake import database g = Github( ${{Pygithub.secrets}} ) for repo in g.get_user().get_repos(): print(repo.name) + +def get_user_by_email(email): + query = "SELECT * FROM users WHERE email = '{}';".format(email) + return query + +# Example of user input that would simulate SQL injection +malicious_input = "'; DROP TABLE users; --" +q = get_user_by_email(malicious_input) +print(q) +db.query(q) +
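Review bot: `get_user_by_email` interpolates `email` into the SQL text with `.format()`, so any quote character in the value changes the structure of the statement, and the last added statement passes that string straight to `db.query(q)`. Keep the value out of the statement text by returning a placeholder query together with its arguments, e.g. `return "SELECT * FROM users WHERE email = ?;", (email,)`, and hand both to the driver's bound-parameter call; the placeholder syntax and the `query` signature depend on the `fake.database` API, which is not visible here. Separately, the hunk imports `database` but calls `db.query`, so unless `db` is bound somewhere outside this hunk the script stops with `NameError` at that line. The demonstration also runs at module import time; if it is meant as a regression example, it reads better as a test asserting that the sample input is handled as a literal email value.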