Currently, the query structure uses string interpolation to fill in values of worker, topic, payment, etc. In theory, this could allow for some kind of SQL injection into the query that could cause inappropriate SQL code to be run. I would like to move to a safer query structure that uses prepared statements. We've already been using this safer query structure in a few places, so it should be easy to do. It just needs to be applied across a bunch of files.